Plumbing the depths

Here I am, back from my hols, with a refreshed bright and breezy outlook. How long will it take for the reality of information security to bring me back down to earth, I wonder?

Oh, look, it’s not even noon on my first day back and here’s an article showing a whole new way people can be evil. Imagine you’re a security research firm and you’ve found a serious security flaw in a product. You could contact the manufacturer and disclose it to them privately; many sensible firms run so-called “bug bounty” programmes to reward researchers who do exactly this.

Or you could partner with a brokerage, short the manufacturer’s stock and then go public with the flaw before the vendor has had any chance to fix it. It wouldn’t be nice, or ethical, or constructive, but it would be lucrative. The sad thing is that if anything is done about this, it will be done under securities laws on market manipulation and insider dealing, not anything higher-minded about responsible disclosure.

As always with security, the advice is to follow the money. If criminals and the unscrupulous can find a way to make a buck, that’s what they’ll do. So to ransomware, DDoS protection rackets and straightforward fraud we can now add weaponised publication combined with stock manipulation.

Another good reason to make sure your security, your disclosure process and your corporate governance are all up to the job.

