Today an article appeared that seems to have gone viral – it was published here. The article referred to an as-yet-unnamed employee, ‘Bob’, who had managed to outsource his job to a software developer in China. It smacked a little of an Onion News Network video, which can be found here (from 2009). I wonder if ‘Bob’ saw this video and it gave him the idea!
In truth, what ‘Bob’ did was no laughing matter – it could have had serious consequences for the infrastructure company. I’m sure most people can imagine what can ensue from having unknown and unaccountable coders writing code into your repositories and products from a country known to contain hostile elements – we read about these things every day in security blogs and magazines. In this case it appears (or at least is reported) not to have been too big a deal – particularly as this Chinese coder appears to have unwittingly been an MVP for quite some time.
But what can we do to protect against this sort of security breach? Increasingly it’s not the infrastructure but the employees themselves who provide the biggest gateway for attackers to gain access to companies. Trust has always had to play a part, but are we now becoming too trusting? Swivel Secure’s recent research into corporate apathy with regard to information security shows that people appear to be burying their heads in the sand.
Regular checks of infrastructure are important, but we also need to consider other things, like locking down multiple connections to corporate networks and implementing login authentication beyond the normal username and password methods. Two-factor authentication can help but, as with ‘Bob’, you can simply mail off a token. Tokenless authentication methods do offer some protection against this, but really the biggest thing to learn is that when it comes to security – you cannot cut that cost, because it will get you in the end.
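One way to check for the multiple-connection case mentioned above, as an added example rather than code from the article or from any vendor: it flags accounts whose remote-access sessions overlap in time from different source addresses. The record layout, account names, addresses and timestamps are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records: (account, source address, login, logout).
SESSIONS = [
    ("bob",   "198.51.100.7", "2024-01-15 09:02", "2024-01-15 17:05"),
    ("bob",   "203.0.113.44", "2024-01-15 09:10", "2024-01-15 16:58"),
    ("alice", "198.51.100.9", "2024-01-15 08:30", "2024-01-15 12:00"),
    # Reconnect from the same address: overlaps, but is not a second location.
    ("alice", "198.51.100.9", "2024-01-15 11:55", "2024-01-15 18:00"),
    ("carol", "192.0.2.15",   "2024-01-15 08:00", "2024-01-15 10:00"),
    # Different address, but the sessions do not overlap in time.
    ("carol", "203.0.113.80", "2024-01-15 13:00", "2024-01-15 15:00"),
]


def concurrent_logins(rows):
    """Return {account: [(addr_a, addr_b, overlap_minutes), ...]} for
    sessions of one account that overlap in time from different addresses."""
    by_user = defaultdict(list)
    for user, addr, start, end in rows:
        by_user[user].append(
            (datetime.strptime(start, FMT), datetime.strptime(end, FMT), addr)
        )

    findings = defaultdict(list)
    for user, sessions in by_user.items():
        sessions.sort()  # order by login time
        for i, (_, end_a, addr_a) in enumerate(sessions):
            for start_b, end_b, addr_b in sessions[i + 1:]:
                if start_b >= end_a:
                    break  # sorted by login: nothing later overlaps session a
                if addr_a != addr_b:
                    overlap = min(end_a, end_b) - start_b
                    minutes = int(overlap.total_seconds() // 60)
                    findings[user].append((addr_a, addr_b, minutes))
    return dict(findings)


if __name__ == "__main__":
    for user, hits in concurrent_logins(SESSIONS).items():
        for addr_a, addr_b, minutes in hits:
            print(f"{user}: {addr_a} and {addr_b} connected together for {minutes} min")
```

A hit is a prompt for review rather than proof of account sharing, since a user can legitimately be connected from two devices at once.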