Reputational consequences of a cyber breach – poachers and gamekeepers.

November 5th is a significant date for Parliamentarians, Papists, children up and down the country, and for the neo-Guy-Fawkesian hacking collective Anonymous.

The latest offshoot of Anonymous (allegedly), Ghost Security Group – or ‘Ghost Sec’ – is taking direct action against ISIS online.

At a seminar last week we were exploring reputational consequences of cyber breaches.  Reputation risk and cyber risk top the list of issues keeping CEOs awake at night, and working with our friends at XQ Digital Resilience we’ve been exploring these interrelated issues.

Of particular interest was ‘posture.’  Is the company known to be weak and ill-prepared or is it famously robust?  And what about so-called ‘active defence’?

A banking exec recalled the difficulties JP Morgan got into recently.  Frustrated by government inaction against hacker networks, somebody hacked back.  Hard.  Servers were taken down.  Was it the banks?

The FBI thought so, and opened an investigation (the 30-year-old US Computer Fraud and Abuse Act prohibits ‘unauthorized access to computers or overloading them with digital demands, even to stop an ongoing attack’).

It’s unlikely anybody is going to co-opt Ghost Sec types for any sort of commercial work (not least because they’re the bane of the corporate world and not particularly constrained by legal or regulatory rules).

But as this rather compelling new TV series Mr Robot dramatises, your cyber security expert by day may be an arch hacker by night.

What do you make of ‘Ghost Sec’?

Can you turn poachers into gamekeepers?

How do you know that your cyber experts aren’t moonlighting for Anonymous by night?

Let me know what you think!

Happy bonfire night.
