It’s interesting to see the American political process work. The race for the president is now a marathon that takes over 2 years. But it’s when the stakes are the highest that you see the dirty tricks come out. And this has been repeated by candidates a couple times over. And it’s not restricted to one candidate or even in one election cycle. So how does this apply to a security firm or a security company you ask? Well, it’s simple – these dirty tricks are part of a deception campaign or public perception campaign all designed to give competitors an advantage over another or to use it at a point in time of their choosing.
Each competitor, regardless of the profession, is seeking to gain a competitive advantage over the other. And in some instances, some companies use their products to collect data on customers. Other times, nation states will do these type of things “just in case“. Or these things. These things happen more than we like to know; more than we want to know. They do it for that all important competitive advantage.
So wait, we still haven’t gotten entirely into how dirty tricks play into security. Well, isn’t the whole point of security protecting you from dirty tricks. We want to stress you have to be on the lookout from competitors at all times. And it comes with knowing your competition. While this article is more specific to China, a key element sticks out and it mirrors the threat identification we previously commented on:
“Identify 2 or 3 competitors most likely to target you and your critical infrastructure.”
This To do this you have to take the first step and identify that you do have threats. Even small businesses have threats – dry cleaners in New Hampshire have threat so you do too. And then follow a rather simple model:
- Once the threats are identified, what is the information that they would most likely benefit from? This is your critical information. How is it protected? HINT – should be different then the rest of your business.
- What types of attacks could they conduct? What is the most likely type of attack scenario and what is the most dangerous. Do some research into what companies are capable of and what tools are at their disposal. You may find that the list is quire large. And you need to consider – physical security, personal security AND information security.
- Are you protected against both the most likely and most dangerous? If you aren’t protected then this would be a vulnerability and you need to further discuss. If you choose not to protect against that vulnerability then at least you make a conscious decision and you know it’s a vulnerability. Perhaps this could be remediated in the future.
- What will your plan be for implementing increased security? Who will be in charge? What is the timeline.
- What happens if you are attacked? What is your contingency plan? What is your incident response plan?
These can get as in-depth as you want, but the key is to remain focused and to work through it deliberately. The decisions you make depend on a lot of factors, but at least make those decisions by evaluating all the available information. In the end, is it worth not doing it?