During a single week in January, three avoidable security breaches showed what role people play in facing catastrophic security breaches. The board of a major French bank was debating whether to fire its chief executive whose rogue trader cost the enterprise $7.2 billion and set up the business for a hostile takeover (Reuters’s January 30 article, Soc Gen board ponders chairman fate, http://news.yahoo.com/s/nm/20080130/bs_nm/socgen_dc). Lesson: The time for executive involvement in security is before the catastrophic loss, not after.
Across the Atlantic, in Texas, a personal catastrophe. A Greek Orthodox bishop’s car was burglarized while he was out to dinner. The victim, himself a former US Marine, lamented the irreplaceable losses not only of a jeweled ceremonial crown valued up to $10,000 but also of a black bag given to him by the widow of a fellow Marine. The bishop felt lost without the bag, a sentimental attachment of 22 years. (Dallas/Ft. Worth NBC News of January 27, http://www.nbc5i.com/newsbycounty/15149212/detail.html) Lesson: If something is invaluable, treat it that way – all the time.
Finally, a security success story emerges, relatively unheralded. An alert Swedish bank employee managed to thwart a Mission Impossible-style digital bank heist in progress. Thieves had managed to place a device or devices under the employee’s desk. At the appointed hour, when the thieves were poised to seize control of a computer and electronically transfer millions out of the bank, the employee recognized something amiss and literally pulled the plug on a device. This action stopped the transaction at the last second. (AP article of January 30, Swedish bank stops digital theft, http://ap.google.com/article/ALeqM5jAz3WqAdnaAcvzcllNpnJbyArdvgD8UG7LIG2) Lesson: There is no more effective security measure than an alert employee who acts on suspicions.
Defending assets is quiet work, taking more diligence than dash. Only security failures make headlines.
– Nick Catrantzos