We all remember the old story about the radio reading of Orson Welles’ novel The War of the Worlds. The story claimed that the audience overreacted, causing widespread panic, running and rioting in the streets and a general paranoia. The story ends with a slow realization of no immediate danger. We learn two things from the story and its continuing propagation: one, that panic is a common and expected reaction to an unexpected attack; two, that while the threat of an alien invasion exists, panic after the fact is completely unproductive.
Cyber security follows this same thought process, although the panic phase seems to be real and continuing. Every device that connects to the internet or some other network has the ability to be hacked. With refrigerators, televisions, computers, cell phones, and now your car (with Tesla vehicles so computerized and sophisticated), it stands to reason that there is a constant threat to the data stored on the various devices.
As IT Asset Managers, we know that it is not feasible to manage an IT environment solely based on the fear of data corruption or loss. A completely locked down environment restricts the movement of data between employees, significantly reducing productivity.
This conflict in IT goals is the classic struggle between risk vs. reward. How much data exposure risk is worth the reward of the free travel of information and the subsequent increased productivity? Will the fear of having a data breach overwhelm an environment’s ability to support the business? The answer to these questions is also a classic and fundamental solution.
In almost any situation, there are choices to be made when implementing processes that require an IT Asset Manager to make risk vs. reward decisions. To make choices that create and preserve maximum effectiveness, an IT Asset Manager needs to conduct a cost/benefit analysis prior to taking action. This simple discipline of calculating risk factors associated with specific actions and comparing them to the benefits measured through costs works well for IT Asset Managers in almost all areas.
For example, what if an IT Asset Manager is presented with acid washing or incineration of hard drives as the best choices available to completely eliminate any risk of data exposure at asset end-of-life? Unfortunately, these types of disposal create questions about the impact to the environment that in turn leads to concerns about legal restrictions and the potential of escalating costs. The decision requires assessing risks, beginning with the thorough examination of consequences. A cost/benefit analysis provides the insight needed to make a decision.
Assessing risk vs. reward to make a decision is not a new problem unique to cyber security. Even though data breaches are a fairly new threat, the best defense comes from using old methods. Proper diligence in choosing disposal methods, physically securing the devices and documenting processes, audits and results are all standard actions of an IT Asset Manager that reduce the risk of a data breach or data theft. In each of these actions, the risk vs. reward balancing act was considered.
Of course, it is clear from the actions of organizations such as the NSA (National Security Association) and Target that preparedness can only do so much. When a breach does occur, stopping it and recovering as much data as possible is the best solution, not panic. However, avoiding the breach is the ultimate solution and IT Asset Management fundamentals, with the built-in evaluation of risk vs. reward, help eliminate the possibility of a breach.
There is a lot of fervor over data breaches and illegal entry into an organization’s data stores. It has created quite a panic within IT circles and has had people scrambling for answers. Similar to the Welles’ radio broadcast, it is best when exaggerated fears are met with a level-headed professional and the common sense of good business practices.
Rosenberg, Jennifer. War of the Worlds Radio Broadcast Causes Panic. http://history1900s.about.com/od/1930s/a/warofworlds.htm
Grenoble, Ryan. Refrigerator Busted Sending Spam Emails in Massive Cyberattack. http://www.huffingtonpost.com/2014/01/23/refrigerator-spam-email-internet-of-things-attack_n_4654566.html
Constantin, Lucian. Hacked passwords can enable remote unlocking, tracking of Tesla cars. http://www.pcworld.com/article/2138400/hacked-passwords-can-enable-remote-unlocking-tracking-of-tesla-cars.html#tk.rss_all
Riley, Michael; Elgin, Ben; Lawrence, Dune; Matlack, Carol. Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data
Pooley, Jefferson; Socolow, Michael. The Myth of the War of the Worlds Panic. http://www.slate.com/articles/arts/history/2013/10/orson_welles_war_of_the_worlds_panic_myth_the_infamous_radio_broadcast_did.html