In the past I’ve suggested that Anonymous, given their notoriety, is a convenient bogeyman for those who want to alarm the public about cybersecurity. Gen. Keith Alexander reportedly said in a closed-door briefing that Anonymous may soon acquire the ability to take down the power grid, but he probably knows that’s unlikely, and that the true threat is from foreign militaries. Yet Anonymous is something ordinary people have heard about and likely find unsettling. Rounding up her reporting at the RSA security conference, Nicole Perlroth seems to confirm my suspicions of how security experts use Anonymous:
‘WE LOVE ANONYMOUS.’ Contrary to conventional wisdom, security folk love Anonymous, the loose hacking collective that says it has taken on groups as diverse as the C.I.A., Interpol and Stratfor. Several security experts I interviewed called the group “a welcome wake-up call.” For years, chief information officers had to pound their fists on the table to convince their bosses to allocate more resources to information security. Now Anonymous does that for them. “Anonymous added a silent ‘J-O-B’ before security,” one conference attendee said. “The more companies they hack, the more vulnerabilities get exposed, the greater our job security.” He spoke—no pun intended—on condition of anonymity.
There’s a silver lining here. Anonymous (and especially LulzSec and Antisec) have made a sport of breaching corporate and government systems, thus forcing CEOs to pay attention, take security more seriously, and ask tough questions. It’s a discovery process. This is the market at work. It’s not perfect or instantaneous, but the results will likely be more robust than equally slow top-down regulation.