You can't secure what you don't acknowledge.SM

Wednesday, June 8, 2011

Weiner fallout: "I got hacked" is the new scapegoat

I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to people." In other words, instead of claiming personal responsibility for the issue, he could just claim someone else did it and hopefully wash his hands of the issue.

Don't get me wrong. Companies and people do get hacked, but hacking is not always what caused the problem.

Then it came to us, "I've been hacked" is the new scapegoat. Savvy politicians and business leaders know that getting "hacked" is a generic enough claim that the general public may buy it. After all, many people believe that hacking is this mysterious, intangible "thing" that just happens these days. It's simply dismissed as "Oh well, sucks to be that person or business". Such an excuse is very similar to what I've written about "computer glitches". It's an easy way out.

Interestingly, one thing that hasn't really been discussed in the media covering WeinerGate was here's how you get to the truth...you do X, Y and Z to reveal what really happened. Be it a simple forensics analysis of Weiner's computer(s) all the way to subpoenaing Twitter for their log files associated with the usernames, dates and times in question, there's a way to get to the bottom of such matters. These procedures are carried out as part of the legal process in countless investigations and lawsuits every day in the US. But we weren't hearing about that.

We now know that a formal investigation wasn't needed with Weiner. However, if you're caught in a bind and need to prove your innocence, the e-discovery and forensics processes have a nice way of working things out...It's all a matter of choice and, I suppose, context.

Perhaps it's time to step back, fix the low-hanging fruit that's putting your business at risk, and move forward with your chin up willing to take responsibility for information security once and for all. No scapegoats necessary...

No comments:

Post a Comment