“When it comes to breaches of security,
it’s not a matter of ‘if’ but rather ‘when’.”
—Frank Abagnale

I’ve spoken to many audiences in my security career about how nothing good comes of the mindset that “it’ll never happen to me.” Unfortunately, I was reminded of my own vulnerability recently when I discovered that my beloved road bicycle had been “removed” from my (supposedly) secured underground garage. It’s not just the financial loss; it’s the lost confidence that I have in the security of the garage, and the guarded suspicion with which I now eye the other residents of my fairly small community. Although this type of crime is purely for material or financial gain, it tends to make you question the overall level of security, including your personal safety and that of your family.

I prefer to believe that the vast majority of people are good and honest, and the exceptions are those more driven by greed and selfishness. This personal event served as a good, albeit painful, reminder that it’s naive to assume that people won’t take advantage of a situation from which they might profit. Sometimes that situation might arise from an easy temptation; sometimes from a deliberate and planned act. But, we need to assume that, sooner or later, it will happen to all of us.

Costs of a Security Breach
Data theft typically is harder to detect than traditional theft because stolen data continues to reside on the server it was taken from. The latest PowerTech “State of IBM i Security” study reports that more than 10% of IBM i systems still don’t use the auditing functionality included in the operating system. These companies have zero visibility to security-related events. Many of the others are collecting events—but for purposes other than security forensics; and many have no procedures or training on how to interpret the data they collect...continue