It's time to confess: how would you gain illicit access to a corporate network?
I have a confession to make: I'm not a hacker. At no point have I attempted to hijack my way onto someone else's network or manipulate someone into giving me their password. Nor do I associate with people who do, or at least not to my knowledge.
On the other hand, I have attended numerous briefings from big IT companies who tell me that hacking is a problem and I need to warn my readers about it. That is very possibly true, but without concrete data it's impossible for me to know who's selling elephant repellent and who isn't.
If you're confused about elephant repellent, let me draw upon my Crack-a-Joke joke book, circa 1980. Man 1 (on seeing Man 2 spraying a can's contents onto the road): Why on earth are you doing that? Man 2: It's elephant repellent. Man 1: But why? There aren't any elephants. Man 2: Exactly! See how effective it is?
Now, I'm not for a moment suggesting that data hacking isn't a problem. Every month seems to see another data breach, whether it's fresh revelations from Sony, “private” celebrity photos stored on iCloud or yet more scandals from Morgan Stanley.
What's much more difficult to know is how people are gathering the data. The logic is that hackers will attack the weakest link. If your company is unprotected then it makes you more attractive than one guarded to the hilt.
Likewise if you narrow it down to one company. If every PC, laptop and phone is sealed tighter than a gnat's you-know-whats, then surely a hacker would sniff around for other opportunities. In the case of Target, that was its point of sale software.
But that's just one option. You might hunt out a disgruntled employee and get them to give you their credentials in return for cash. Or, as HP argued at its Barcelona launch of the “world's most secure printers” (which was what got me thinking about this in the first place), it could be the printer.
Indeed, at the same conference, the Ponemon Institute revealed early data – from a report being published next month – that suggests 53% of IT managers believed their printers were vulnerable to cybercrime.
I don't know, though, whether or not HP is selling elephant repellent. It showed a convincing demo, where someone injected malware into its BIOS and the printer automatically shut it down, but is this theory or is it genuinely happening?
That's what I'd love to know. So, please share. Perhaps you've been a victim of an attack. Perhaps you're the one who's done the attacking. Perhaps you have a “friend” who you'd like to speak on behalf of.
I realise I can't know for sure whether you're telling the truth, but I'd love to see some evidence. A footprint in the butter, if you will. And if you don't get that joke, maybe you should check if your refrigerator is running...