06 Jan 2011  What Do YOU Think?

How Should Management Deal With “Anonymous”?

Summing Up When it comes to the leaky Web, Jim Heskett's readers say assume the worst and act accordingly. (New forum on February 3.)

 

Summing Up

The title of this wrap-up and the one that accompanied this month's original column basically just deletes "Wikileaks." The original title was my mistake. The intent was not to direct attention to Wikileaks in a manner that Dan Quizal rightly referred to as a "20th Century view," but to ask how, if at all, organizations can or should be defended against the response from Anonymous? Its actions, triggered by the attacks on Wikileaks, hinted at a future of everything from Internet mischief (a la Anonymous) to cyber warfare, with business as potential collateral or intended victim. (Ironically, in the meantime we have learned that the "worm" that attacked Iran's nuclear centrifuges and sent them whirling out of control and into self-destruction in all likelihood was carefully engineered and surgically directed at the centrifuges, suggesting the possible. Next time the target may not be Iran.)

Getting back to my misstated question, none of you aimed your criticism at the technology, even lauding it, as Mark O'Connor did, as the "great equalizer." In Bev Stehn's words, "What is to be 'managed,' the tools of communication or those individuals using the tools?" Rather the problem for many of you is management itself, ranging from lack of transparency (Shantha Yahanpath. Bruce Watson) to a failure to support "whistle blowing" (Ratnaja Gogula), as well as individual failure to exercise care. As C. J. Cullinane said, "maybe the only thing that can help is common sense and learning to keep our mouths, and e-mails, shut."

The most prevalent attitude about dealing with a leaky Internet was to assume the worst and act accordingly. In Mike Schorah's words, assume that "A world where everyone knows exactly what everyone else is doing does seem to be where we're heading." Antidotes to these challenges are reasonably clear: In addition to greater transparency and support for "whistle blowers," several of you suggested the possibility of government protection. As Fidel Arcenas put it "government must be able to monitor and regulate Internet activities that adversely affect people's safety and welfare." Few were convinced that technology itself would provide more than temporary defenses.

The use of the Internet for spying was also regarded as inevitable. In addition to care in the use of the Internet, Gerald Nanninga pointed out that the best defense might well be a carefully-crafted strategy that competitors can't replicate even if they are familiar with it . Another creative proposal, leaking "outright disinformation," was suggested by M. P. Campbell.

This still leaves us with the question of the long-term implications of cyber-warfare for business. Unlike nuclear threats, at least for now they don't represent real threats to life. But for that reason, they are much more likely to be employed than nuclear weapons. What happened in Iran raises real questions about the implications of criminal or terrorist use of cyber weapons to destroy business assets. Should management be concerned about them? What, if anything, can or should be done about it at the organizational level? And finally, did any of you other than David Physick pick up on the irony that our discussion of transparency, Wikileaks, and Anonymous was joined by nearly 20 percent of respondents under the cover of "anonymous"? What do they have to hide? What do you think?

Original Article

You've heard the advice that writing down sensitive things runs the risk of discovery in a legal case. The wise don't do it. But this can be a costly practice, given our faulty memories. And in the age of WikiLeaks and the Internet, when every "secret" seemingly becomes public before long, the new advice is to avoid trying to keep information secret.

Recently we were reminded about the insecurity of information stored and processed on Internet-based systems, a series of online reprisals against the Swedish government, Amazon, the Dutch police, Sarah Palin, MasterCard, Joe Lieberman, PayPal, and Visa. The connection? Individuals and organizations speaking out against and refusing service to WikiLeaks. The attacker and the cause? A crowd (I don't know what else to call it, since it is not an organized group) that calls itself Anonymous and that was spawned by ideas exchanged on an Internet message board, 4chan, in defense of Internet freedom. The weapon? According to the Financial Times, "Anonymous encouraged 'hactivists' to download a simple tool-known as the 'low orbit ion cannon'-that allows their computers to be used to inundate the targeted website with requests and bring it down."

What has happened to Internet security, you might ask? Apparently it still exists to some degree for one third of the organizations that have taken precautions to protect themselves. It works, too, for individuals who are careful about changing passwords regularly (so that, if you're like me, you can't even remember your own password from time to time). But user names, passwords, and Internet addresses have been pilfered from sites like Gawker, reportedly giving the hackers access to planned web site changes and advertising strategy.

So the possibilities of damage are endless, ranging from random (at least not formally organized) theft by amateur hackers, organized theft by criminals, and efforts by international terrorists to target and shut down, or threaten to shut down, everything from bank accounts to nuclear processing facilities.

There has been an immediate call for risk management plans in those business and governmental organizations that don't already have them. But let's assume that such plans only deter the amateurs and criminals for fleeting periods of time and that in fact it becomes impossible to hide or otherwise keep information confidential.

What implications does this have for the management of a medium- to large-size organization that has become wedded to the economies and convenience of the Internet? For example, assuming that email even exists five years from now, will we be able to use it for business purposes? Will large data files have to be "disconnected" from networks so that their security can be preserved, with the attendant loss of connectivity with other files? Will the ultimate irony occur that the Internet becomes essentially useless to managers for strategic and other important matters?

What, if anything, can or should be done to combat Internet theft and terrorism? How will Anonymous and friends affect management in the future? What do you think?

Reference:

Tim Bradshaw, "Anonymous cyberwarriers stun experts," Financial Times, December 12, 2010, p. 3.

Comments

    • CJ Cullinane

    Thoughout history there have been 'information leaks' but with our high-speed, world-wide, open access, technologies there seems to be an epidemic of them. It is an enormous problem but with good guidelines and training it can be held to a minimum in most organizations.

    Every organization has it's malcontents and I do not believe these folks can be kept in check by policy or training. It is in the best interests of companies to keep everything above board and open (honest). A policy of zero tolerance can help but would have to be enforced even on people who have left the organization and how could we do that and at what cost.

    Like many problems such as this maybe the only thing that can help is common sense and learning to keep our mouths , and e-mails, shut.

     
     
     
    • Anonymous

    I am somewhat concerned that you are compressing all users of the DDOS tool into the same category, particularly because you conclude this category by a mention of nuclear power plants, theft and terrorism. You do add the "if anything" in the final paragraph, but it almost seems like an empty question in the context of the piece. Having said that, I understand that a brief article cannot go into the complexity of DDOS attacks. I just hope you will be aware in your writings that the use of this tool is highly ambiguous. For example, the tool has been used in support of and against the wikileaks site.

    CJ Cullinane points out that honesty would be the best policy with the changes sites such as wikileaks and organisations such as Anonymous. Absolutely. This is one of the increasingly apparent social changes being wrought by the internet; that is, we are using technology to generate a world reflective of earlier social forms, such as a world where everyone knows exactly what everyone else is doing. The alternative to this mob-empowered (or 'democratically empowered') society is, of course, to take a violent and iron-fisted approach to internet use, such as has been done in many oppressive and anti-democratic countries. Let us hope that we in western countries attempt to live up to the ideals we are founded on, and rather than the mob/democratic majority being crushed by threatened powerful interests, we should aim to regulate and organise it, so that it is more effective while being less dangerous.

    The question is not, "how do we stop this new force from attacking our structure", but "how do we incorporate this force into our structure". It might even be more profitable to do it that way.

     
     
     
    • Dr Shantha P Yahanpath
    • Director, Agape International

    In my view, the question is "should management fight "anonymous" Or WikiLeaks? It appears that the world is moving towards "full transparency" and we have no option but to embrace it. On balance this should be more positive than negative.

     
     
     
    • Fidel M. Arcenas
    • TIEZA - Philippines

    We had it coming. When government fails to cope with advances in information technology, we face the risk of individuals or groups/organizations to exploiting such technology for highly dubious ends. This is not only true for terrorists groups but for business organizations as well.

    The speed and volume of financial transactions through the internet are mind-boggling. When governments lack the tools to protect innocent investors from internet scams - who else is there to protect them?

    This is not saying that government has to violate the citizens' right to privacy. But government must be able to monitor and regulate internet activities that adversely affect people's safety and welfare. I think it was Albert Camus who said: "If the center cannot hold, anarchy will reign."

     
     
     
    • Stephen Basikoti

    Balance, which many times is also fleeting and transient, is the key. Managers should avoid comments that are too colorful on people, entities and events. On the other hand, basics of essential situations should be captured in objective language for strategic planning and execution.

    Like all human inventions the Internet has its benefits and risks. As long as it continues to have unique benefits managers will continue to use it while at the same time being cognizant of the fact that its openness calls for caution.

     
     
     
    • Anonymous

    Behave oneself ... and never commit anything the least bit controversial to writing.

     
     
     
    • Mark O'Connor

    I remember the first time one of our IT people installed the Mosaic browser on my desktop close to 20 years ago. The Internet was a very different place then. But within 2 hours I had told everyone in my department at firm that business as we know it was about to change. People that were not insulated from those early years of the commercial Internet remember that anyone would be "flamed" if they sent an email to a person they didn't know. Those were the first "cyber attacks," where your email account would soon be filled with thousands of retaliatory messages for the perceived indiscretion. We now view that enforcement of norms as illegal. But we lose sight of the real problem and its origins. The Web existed long before Al Gore claimed to invent it, and there were conventions then that had been violated, just as we are violating privacy conventions today (legitimate and illegitimate). We're finally discussing how the web is shifting the conventions of disclosure, and the ability of businesses and governments to protect information many would like to ensure never sees the light of day. Make no mistake, this too is organized activity that modern society should have eradicated long ago. But it has lived on, protected by confidentiality agreements, compensation for cooperation, retribution in retaliation for disclosure, and a general perception that it is OK for companies, cops, courts, and criminals operating within otherwise legitimate organizations to protect dubious acts. But the Internet is the great equalizer. While we have trouble dealing with the real-world implications of our inability to block disclosure, the system's ability to fight it is becoming overwhelmed. The ability of those who would argue that privacy trumps the law will likely see a dramatic change in the next 20 years. The tipping point will come when legislation is adopted that legalizes the use of lie detector s and similar technologies that have been blocked from incorporation within our judicial process. They are now proven effective by most law enforcement organizations, the financial services industry, government intelligence agencies, and other areas of society that haven't blocked their use to assess truth with disinformation on their efficacy. I very much look forward to the day the final barriers to adoption will fall. We should redirect our energies toward making that day happen, and more closely scrutinize what constitutes theft and terrorism.

     
     
     
    • Bev Stehn
    • Director of Nursing, Kirkbrae Presbyterian Homes

    What is to be 'managed', the tools of communication or those individulas using the tools? Is history repeating itself by 'fearing' the writtrn word or has the majority of people embraced the electronic communication era. I'm in my 60s and remember so very well travelling O/S in my early 20's and writing letters to my concerned parents as I passed thru war torn countries - today I email my family attaching photos of my escaspades. In business I undertake research on line, communicate via intranet and internet. The difference is the means of communication not the content, always being careful to maintain confidentiality of sensitive information and never criticising others. The written scribbles discarded into my rubbish bin next to my desk my also be accessed by those who want to snoop into my thinking and decision making processes. People need to be managed, no matter what communication tools are used.

     
     
     
    • Hugh Quick
    • sitting, none

    Enterprises of all sorts, including businesses, prosper or fail due to the people involved. Leaks are not new and the scale of many things has increased lately. Hugh Quick

     
     
     
    • Mike Schorah
    • www.MikeSchorah.com

    "A world where everyone knows exactly what everyone else is doing" (comment #2, by Anonymous) does seem to be where we're heading.

    True, historians think this was pretty much how people lived in the past, but only in the context of the hundred or so people in their small village community. The differences now are many:

    1. What we do and say is known on a much broader scale
    2. It's stored, indexed and searchable by others outside our circle - perhaps on a global scale.
    3. It's "monetized," at least it is grist to the mill of targeted advertising that generates financial benefit to others, not me.

    Yes, expect 'privacy' to be seen as an historical aberration; but also expect it to have a commercial value in and of itself so that, for some in some circumstances, privacy will be worth the premium costs of time and technology to ensure it exists.

     
     
     
    • shadreck saili
    • UCT

    This is an exciting topic. Exciting in the sense that it underscores the fact that the magnitude of risk of any system, product etc, is a resultant of a correlating relationship of the complexity of such a system or product. In other words the handier you envisage a product or service to be the higher and more sophisticated the expected risk. In my view this is an expected risk. The implication of risks of these gadgets (that we develop i.e. computer programs-internet, cell phones, vehicles etc) on management of medium to large size organizations should be segmented. True; for certain strategic or nor strategic files that any institution risks losing to other forces such as competitors as an example , the use of networks for such data will dwindle on security grounds unless counter systems to take care of such are developed- which is possible. For information that is not very risk to loss, with marginal implications, management should be able to make that movable to anyone. This would help develop a system and sense that regulates itself. (Mind you even a well intended use of product such a cell phone may be abused for evil acts i.e. use it for coordinating thief of funds, love, emotions etc) When everything is said and done, these challenges of internet thieves and terrorist will lead to development of advanced systems and add to the chain of evolution. Management therefore should endeavor to investment in research that would enhance evolution all the time as a way of managing the continuous change or dynamism doing things. Management fight is therefore on a moving target.

     
     
     
    • Tom Dolembo
    • Founder, New North Institute

    Security is the cornerstone of modern corporate strategy, and is the basis on our loss of "unfair advantage" in international business. The bizspy business is actively corporate on corporate, and is far more pervasive (if not universal) than believed. The idea that the Russians or Chinese are prime culprits is gross simplification. Many multinational companies spy regularly and systematically, and the up-to-the microsecond competitive information is core to corporate success or failure. Live with it. Corporate security issues operate under a number of myths. The most often disproved is that security applies to attacks by external intruders. In fact, most security breaches are directly the result of either password breaches offered up by employees (the top execs are often the worst offenders), or the result of basket diving (all corporate info is public the moment it hits the wastebasket, not the dumpster). In security surveys and risk assessments of major on-line companies, I have found that back-door access is often quite easy, access by consultants is often unmanaged, and critical papers often wind up on zip drives. Expert corporate spies still rely on the tried and true dumpster dives and password leaks. Getting inside, to these folks, is simply not the problem. The problem is the sheer difficulty of finding the target information in the huge amount of available data. Corporations are private and should be able to discuss options freely without having to fear intrusion in a perfect world. But if you drive around Kendall Square, for instance, you will find cruising vans fully equipped with listening devices with no earthly reason to be there other that picking up high-tech data traffic and voice bounce from exposed windows. Palo Alto, etc. the same. Any corporate conversation that is not specifically scrambled or guarded should be considered exposed to publication, period. Zip drives walk out the door daily with more info on them than most corporations held in files ten years ago. Lost and stolen laptops carry vast amounts of corporate and classified govt documents, and the personal data is almost worthless these days on the black market it so easily obtained. Pennies per SSN down from dollars a few years ago.
    A corporate breach is corporate fault. As much as a CEO ( a term, by the way, that GoogleLabs finds was only commonly used after 1978 co-incident with the use of the term, "corporate strategy"), desires "security" to mean "information blockade", corporations (and the govt) rarely take the threat seriously and enact stern policies to control open traffic no matter how the issue is presented by the unfortunate consultant. Mention a hard-line laptop policy or a zip drive policy, and resistance builds fast. It should not be a surprise that we know far less about Russian, Korean or Chinese corporate data than they know about us. Who buys stolen laptops replaceble for $400 new? Major universities lose hundreds of laptops a year, many from high-tech labs, and they consider it street crime. Go figure. Here's a simple rule in a US corporation, "As soon as a thought is conveyed, it should be assumed to be public." We broke it, we fix it. Security is corporate strategy, and we're losing the fight. Ask yourself, "would I not listen to a vital piece of corporate data ripped off the computers of a competitor?" Close and lock your back door.

     
     
     
    • Anonymous

    What is the harm in being ethical ?

     
     
     
    • Kapil Kumar Sopory
    • Company Secretary, SMEC(India) Private Limited

    The velocity of informaton flow via internet and email is extremely high. And, this tool has opened up everyone to everyone else so that any information, confidential even, is always at a great threat of being stolen. Computer is, therfore ,a monster who needs strong control mechanisms for being kept in absolute check. We devise a system but do not anticipate and provide safety precautions. We should be able to learn from losses meted out to others and take lessons from these to devise risk mitigation action plans. And then make these work.

     
     
     
    • Ravindra Edirisooriya
    • Senior Accounting and Finance Major, Missouri Southern State University

    The internet or cyberspace is the frontier before the "last" frontier of logically converting matter to a signal (energy) and back, which will lead to our next generation of technology. The internet and computing power has given us the ability to abridge time and space, and expand human thinking and problem solving capabilities. Now that we humans have become so good at it with third and fourth generation computer languages, it is a threat to keep the establishment safe from those who are anti-establishment either out of need for survival or due to their overacting anarchist genes, not to mention the peoples' evolutionary traits still at play.

    I was personally impacted when my home computers were infected four years ago with a disk boot virus. I must say that I never used any antivirus software for years before the attack on my computers since I rationalized that nobody would be interested in infecting my computers and the doers were not sophisticated too. My response was not only to install antivirus software in my computers but also to add computer information systems (a junior) as a third major to my academic work. A human without computer literacy is one with the third eye blind in my opinion. Professor Heskett calls the doers 'hactivists' or hackers but it is not quite because in the profession of computer science there are hackers who create legitimate programming tools called hacks.

    No computer or computer network which is connected to the internet is ever safe since it is a function of time to intrude versus time to discover. Those who know operating systems will tell you how easy it is to find passwords if you know where to look in one of our most used operating systems. A reason why more sensitive computer networks are moving to Linux based operating systems. A virus is any (malicious) software planted in a computer to incapacitate it or to relay information off the infected computer. Antivirus software is always a reactive antidote to increasingly sophisticated viruses.

    Any information relayed through the internet is never safe since there are all kinds of packet sniffing software, which is an easy build to the experts. Cloud computing has an enormous challenge in keep information safe from interception. It is normally achieved by data encryption, and intrusion (and fraud) detection software and hardware. Intrusions normally through proxy servers can be detected with hard work but they mostly lead to countries beyond the reach of the US law enforcement. Some of our large banks even do not admit intrusion activity for the fear of losing customer confidence but simply write off the losses as a cost of doing business. We know all about power grids, banks, industrial facilities, government institutions, and etc. connected to the internet. There is no real solution to keep us safe from a cyber attacks other than to try to be one step ahead of the intruders or attackers. Perhaps, can the drones do the job if we can find the doers? Perhaps not bec ause the drones are connected to the internet too!

     
     
     
    • Nauman Lodhi
    • CMO, Sorcim Technologies

    Internet privacy and protection are the real challenges that we will face. Technically speaking there will be a greater need to encrypt data to prevent information theft. However, a culture of openness will also be adopted by organizations in order to avoid embarrassment in case of leaked news.

    Nauman Lodhi Sorcim Technologies http://www.sorcim.com

     
     
     
    • Bruce Watson
    • Principal and Founder, HEADS TOGETHER

    Interesting choice of words in title- "fight". May be "management" needs to look at why there appears to be a case for needing wikileaks and "anon." in the first place. What is it they doing or not doing that is so threatening. Is it a case its OK if we can get away with it? Or is probity and ethics, some sensible consideration of privacy etc, too hard? Me thinks they do protest too much.

     
     
     
    • David Physick
    • Consultant, Glowinkowski International

    My 87 year-old Mum reminds me that "Your lies will catch you out". The rhetoric of 'transparency' lauded by so many senior leaders is hollow. As other commentators have remarked, if there was genuine openness and honesty then the need for Wikileaks woud be diminished. There have always been scandals, be they involving politicians or businessmen and businesswomen. There always will be. Human nature will see to that. But consider the shear scale of what Wikileaks has revealed. Consider too the banality and buffoonery of some of the remarks. Perhaps all of us who have taken the time to comment on this discussion should look at ourselves closely in the mirror and be absolutely certain we do not allow ourselves to become victims of another bout of Wikileaks. In this instance, I believe, ALL comments should be named. Hiding behind anonimity is another facet of the 'Wikileaks syndrome'.

     
     
     
    • Ajay Kumar Gupta
    • Doctoral Researcher and Faculty, Tata Institute of Social Sciences,School of Management and Labour Studies, Mumbai ( India)

    I think management can fight anonymous and wiki leaks up to certain extent but perhaps unable to stop it completely. How management can fight against anonymous threats? To understand this, we have to drill down to root of management that lies in social sciences. Why people do this? What are drivers and how to control them? I think these are the key questions that need to be addressed. My belief on this is people do this for their own identity. Identity of being powerful in terms of money, capability and power are the needs and it drives people to do unethical and illegal. In the organisations, policy usually focuses around measurable performance metrics and immeasurable are often neglected. So, people are motivated by incentives, bonuses, perks that drives them to perform. In absence of drivers, motivation disappears. On the other hand, when policy focuses on people dimensions, it actually boosts employees' morale and it does not need any drivers. And employees with high morale are trustworthy and loyal. So, the need is to create trust and loyalty in the organisation to fight anonymous and wiki leaks. Leaders in the organisations need to connect with the people. It requires an effort to interact more than top down communication. Leader should initiate and interact with people across all level to create cohesive, committed and harmonious culture. This will help to create healthy and timely feedback system of relevant information. To prevent and protect data from theft, hacking and sabotaging, there should be mechanism that strategically decides which data can be in electronic form and which data can be in other form. This will help organisation to safeguard data and relevant information because they cannot be accessed through internet. The other important parameter to prevent anonymous is to encourage and enforce "Whistle blower policy". Punishment for culprits and Protection and safety of whistle blower should be ensured. This approach will send strong single to culprits not to commit such crime or frauds. At the same time, accountability across all level with clear check and balance system can discourage anonymous threats. Interests of all stakeholders and maintaining relationship with them will perhaps ensure to strengthen the protection mechanism. People before performance focus can make organisations to effectively root out internal as well as external threats. And creation of culture based on trust, respect, and identity will equip organisations and leaders to fight with anonymous threats and wiki leaks effectively.

     
     
     
    • Malvin Bernal
    • Consultancy Unlimited - Philippines

    Advances in technology produce numerous benefits. However, similar to the laws of physics, for every benefit, there are numerous costs. The threat of information leaks has been present even before the advent of the internet. Blaming technology for something that has been apparent since time immemorial is similar to blaming condom for promiscuity.

    We've always recognized the essence of risks, whether it is with information handling or something else. We've always believed that there wouldn't be any full proof defense on something that is really bound to happen. Be that as it may, we've learned how to manage and mitigate the occurrence of such untoward incidents, hence, risk management.

    Preventing information from leaking is like preventing Niagara Falls from flowing. Accepting such reality can pave the way for organizations to manage it the way it should be. Information risk prevention methods may not be full proof, but it sure is necessary to have gatekeepers along the way. The secret is enabling your defense to act as fast as those threats. If information can leak at the speed of thought, why not its necessary defenses?

     
     
     
    • Saurabh Dwivedy
    • Manager Marketing, Arab Orient Insurance Company

    We all intuitively realize and understand the truth of the matter here. Threats and opportunities coexist even as the back and front of the same coin. So this cat and mouse game of technology empowerment and concomitant risks will understandably go on unabated. Responses to these threats? They will predictably vary from organization to organization and individual to individual. I for one don't change email passwords regularly. Because in my understanding I am not anyone's times worth for him or her to launch an attack against me. But for somebody else the situation could be different and he may be changing his password more often. This simple example demonstrates that there cannot be a one-size-fits-all approach in this matter. Many others have pointed out the same thing using different words.

    As far as the efficacy of being honest and truthful in combating this menace - it's almost a no-brainer. But then, honesty and truthfulness in matters of business can do only so much and business constraints and requirements sometimes demand more than being just that. I am not advocating untruthfulness and dishonesty. But - one cannot become a simpleton in dealing with complex matters of business and so difficult decisions are sometimes necessary - as we all very well know. Most idiotic things are borne out of plain boredom and frustration with the status quo. Most of us have cribbed about our situations - whether formally in an appraisal meeting or informally around the coffee machine. Internet savagery is just an extension of the same fundamental human habit leveraging the might of technology. There's nothing new or earth shattering about it.

     
     
     
    • cameron lewis
    • ceo, statz.com

    Enterprises are trafficking consumer data like "planned" leaks. Consumer/customer data that is passed from business to business in networks without concern for impact on consumer privacy, unauthorized behavior surveillance or value of the data.
    I'm no fan of more regulation but when enterprise regularly "de-identifies" consumer protected information (like HIPPA, GLB and Telco) without regard for the PII impact there is a hypocritical aspect to the impact of Anon disclosures. Corporate integrity and an ethical code would be useful here.

     
     
     
    • Anonymous

    So far all the 'targets' I've heard about have been legitimate in that they have acted badly, maliciously, secretly, selfishly and not in the public interest, or some combination of these. Any actions taken (other than increased computer system protection) to limit the legality of protest will increase the sense of legitimacy of the those who feel their protest is not being heard or acted upon.

     
     
     
    • MP Campbell
    • AVP

    There is plenty of plausible deniability in all of this.

    Sure, sensitive information can be leaked. But outright disinformation can be promulgated as well. It can be difficult for a bystander to figure out what info is legit. Stuff that cannot be confirmed by checking against publicly available info is going to be questionable to anybody.

    So it may not be as dangerous to companies as some think. I'm not saying that companies should be complacent, but that some need to temper their "worst case scenarios" accordingly.

     
     
     
    • Henry Maigurira
    • Executive Secretary, Pachi Development Foundation

    I applauded Wikileaks from the on-set because it was government transparency and accountability to masses in its best form, however of concern was the persecution of the site being regarded as controversial because of its implied vulnerability to manipulation e.t.c. Internet security. as the professor asks what can be done to avert internet malpractices, the best solution I think is on the technology itself, increasing high capability systems that enhance safety of usage, and protection of privacy.

     
     
     
    • Anonymous

    Can Management Fight an International Non Profit Organisation ? Why SHOULD a Management fight an organisation which is publishing private, secret, and classified media news ? Just because it is against the UNITED STATES Interest ? Just let the 'TRUTH' come out. They are doing the work of common people in a ethical way. This is only to fight a devil.

     
     
     
    • Anonymous

    I find anyone or company that seems to think private communications and records, including credit bureau information is open to exploit, is treading on dangerous ground and will kill the Internet. It is ashamed that our U.S. government, in particular, is not the transparent thing we have always wanted it to be, as well as the unfortunate schism between parties; perhaps brought on by the gerrymandering of the voting system. But if the country is to be transparent, we need to get leaders and those in government to make it so. Whether we can ever influence those in Congress to do so, is apparently, for now, a lost cause. Allowing for the schism to flow over to the Internet is and will continue to be disastrous, unconscionable, and terribly unfortunate for all of us.

     
     
     
    • Gerald Nanninga
    • VP, Retail Ventures, Inc.

    There are only 3 reasons why you should care if there is a leak:

    1. You've said something embarrassing.

    2. You've done something illegal or immoral.

    3. If the information gets into the wrong hands, they can use it to harm your business.

    To stop the first two, just don't do embarrassing, immoral or illegal things (or at the very least don't put any of it into a digital form).

    As for the last point, I am reminded of a line by the famous Green Bay Packer coach of the 1960s, Vince Lombardi. He said that the secret of a great team is being so good that it can win even if the opposition knows in advance exactly what the team is going to do.

    The same principle applies to strategy. Great strategies integrate all of the essence of what a company is--its culture, its competencies, its history, its reputation, its resources, etc. Great strategies only tend to work if you optimize all of those pieces in a coordinated fashion. Even if the competition is leaked all the details of your strategy, it may do them no good because either:

    a) They cannot replicate all of those components;

    b) They cannot stop the "magic" inherent in your mastery of all of those components.

    Take Apple, for example. Everyone pretty much knows their strategy: cool products with cool apps sold in a cool, integrated way. Yet even though everyone knows that, it hasn't really hurt Apple's success. Their integrated system is too difficult to copy and too difficult to stop.

    Therefore, if you focus on the right kinds of strategies and implement them in the right ways, you can still win, even if the strategy is leaked to the world. That is the safer approach...creating strategies strong enough to prevail in spite of leaks, instead of fighting against the tide to keep secrets.

     
     
     
    • Ratnaja Gogula
    • Product Manager, Kenexa

    Why do people/organizations resort to Internet theft, wiki leaks or Anonymous? I believe, they do it because, of two reasons: one, information, vital to them, is not being made available and two, they 'fear' the source of the information. Rather than addressing 'how to prevent' internet theft, wiki leaks or Anonymous, prudent organizations should work on building transparency into their work places and foster a culture of tolerance for whistle blowers. It is seldom that people resort to internet theft/ wiki leaks or Anonymous for sadistic reasons of victimizing or profiteering; they do it because they have been greatly inflicted at a personal level and they do not have the muscle or money power to fight out in the open.

     
     
     
    • Saurabh Dwivedy

    Well said Gerald...excellent articulation...

     
     
     
    • Dan Quizal
    • CEO, WBS

    Normally I like your view on the "subject of the day," but this time you are reflecting a 20th century view. Business, the government and citizens should support a free and open Internet, with NO restrictions. This WikiLeaks thing is just releasing things which should not have been said in the first instance and it DESERVES to be outed to the public.

    I always figure that anything I say on the Internet (or the equivalent), even if in a private email, is probably going to be made public at some time. If I'm embarrassed by it or it is immoral, I should have had the good sense not to say it in a public forum!

    Keeping secrets from the public (or even your wife) is bad policy.

     
     
     
    • Philippe Gouamba
    • Vice President of Human Resources, Skyline Windows, LLC

    As long as individuals and companies do what is right and honorable, transparency will never be an issue and they will never have anything to fear from "anonymous" or Wikileaks.

    There are many disgruntled and misguided people in our busy fast moving society. Aberrations in character are unavoidable as we have seen in the recent shooting of Congresswoman Giffords. Her shooter is a deranged young man with a cause that no normal person can support.

    Management, on the other hand, is usually concerned with the bottom line and keeping the company solvent. Management typically allocates a low budget to security because management sometimes lacks vision and can't see beyond a certain point. Security only becomes an issue when it affects the company. In my humble opinion, management needs to do whatever it can, and spend as much as it can afford on internet security. Management needs to make it less easy and more difficult for hackers to break-in; what good is it to have top of the line computer systems if you do not safeguard them? Management can help itself by putting up a fight (no matter how big or how small) so that the hackers will "pass" on your firm and try to hack in where it is easier. There is a great big cry for transparency but I suspect that those that are up to no-good do not want to be transparent. No matters what Michael Douglas says in Oliver Stone's Wall Street I or the sequel Wall Street II, "greed is still [not] GOOD". What is sorely lacking in our world is morality and decency.

     
     
     
    • Abhishek Syal
    • Engineer, BHEL Corp. R&D

    Being open and honest is good.

    You can always ask for the credibility of Wikileaks, or even the documents that have escaped. Corporations can maneuver them to their advantage.

    'Strategic leaks' may also release their documents which help them in their publicity.

    However, internet will evolve to continue. Intranet will however gain more popularity for higher risk documents and confidentiality.

    Information Overload is another strategy that corporations would employ to confuse the users of Wikileaks!