There is so much in the news about cyber-security. Much of the focus is on cyber war as a new and inevitable weapon, Stuxnet and the vulnerability of our national infrastructure. Some of the news is about use of computers to steal US technology and trade secrets, with culprits—if traceable—often located in China or Russia. It is definitely scary stuff, we all fear the prospect of several weeks without power, or endless gas lines should the oil pipeline infrastructure take a hit.
However, companies face a much more mundane and growing risk: personal information in their possession is being stolen by cyberattacks much more frequently than before. This is a form of cybercrime, not a new method of waging war, and the goal is generally identity theft, often an attempt to obtain credit (and debit) card numbers. All companies are vulnerable, but in the absence of required corporate standards, except in certain sectors (e.g., financial services/banking), some companies have done little to protect their personnel and customers from such hacker attacks. Moreover, these crimes are very difficult to prosecute; most originate from users in other countries. In the realm of data breaches and identity theft, we are truly One World.