Friday, 28 January 2011

Andy Gray & Richard Keys Sky Sports Data Breach

First of all let me just stress I certainly do not approve of any of the sexist remarks made by Andy Gray and Richard Keys on Sky Sports last weekend (21st Jan 11). I have been watching live football nearly all my life and I have seen some really bad football officials in my time. I really don’t care about a football official’s gender, as long as they are the best officials for the job. Believe it or not, Premier League officials are ruthlessly vetted and monitored to ensure they are the best of the best. Indeed it is said women are better at multi-tasking than men, that may be considered a sexist remark in itself, but if this were true, then ladies are going to make better ‘lines-people’ than men, anyone who’s tried being a linesman will know it is about monitoring several things at the same time, I can tell you it’s not an easy job.

Anyway what business has the dismissal of Andy Gray and the resignation of Richard Keys from Sky Sports got to do with a ‘Security’ Blog. Well actually a lot, as something important has been missed by the media, probably because the media actually played a hand with this ‘something’ occurring in the first place. The mystical something at the centre of the whole story, is a breach of Sky’s information security. An insider of Sky has stolen Sky company information, namely a private recording of their football commentators, and then either passed or likely sold it to a newspaper for personal profit. I don’t know whether the recording was actually sold or not, but it’s fair to assume it was as no one is saying otherwise. If the stolen recording was sold for personal profit rather than being a whistle blowing exercise, then it really puts a whole new sinister slant on the whole affair. The ethics of which becomes even more murky when you consider the current fallout with the UK media involvement with phone hacking celebrities and politicians.

Thought Police
Personal privacy in the workplace also comes into play. Andy Gray and Richard Keys did not make their sexist remarks on air to the public, but in a seemingly private conversation. However, this conversation did occur ‘in the workplace’, and there are workplace discrimination laws against the use of such language. But it appears the Sky Sports commentators were unaware their conversation was being recorded. Look at it this way, I am sure the average office worker would deem it completely unacceptable to be recorded in their workplace, especially if those recordings were secretly analysed and then used against them. Their private comments were wrong, but I really doubt if everyone is perfect in this day and age, even an innocent phrase you really don’t fully understand can turn out to be offensive to someone. I remember many years ago being told off for using the phrase “brain-storming”, as it is a term which is offensive to people with mental disabilities. The choppy waters of political correctness, the right to freedom of speech and the ‘Thought Police’ are certainly full of pitfalls, and really brings into question how we define individuals privacy rights, it is starting to feel a little too Orwellian 1984 to me. I am sure Sky like most large UK based companies, provide all their staff with regular discrimination in the workplace training, so you could say the commentators should of known better, but to be balanced, I am sure Sky also have a whistle blowing and employee grievance process as well.

I think this whole affair is politically charged, as in the background we have Rupert Murdoch’s media empire’s intended takeover of Sky, so it is not surprising Richard Keys said “dark forces” were at work.
The Inside Threat Lesson
The lesson as a security professional, is hackers may well get all the limelight and write the media headlines, but in 2011 the greater security threat to a business comes from the inside. Whether a disgruntled employee, or an information thief employee out to make a quick buck, these are the everyday threats. Yet many companies continue to pay the price for these types of insider breaches, either by burying their heads in the sand and ignoring the problem, or not having the clarity to understand how to mitigate these type risk their own employees create. Just consider for minute, when you left you last job did you take any company confidential information with you? Most employees steal company confidential information, especially just before leaving the company, (http://www.pcworld.com/businesscenter/article/160041/nearly_twothirds_of_exemployees_steal_data_on_the_way_out.html). Yet many companies continue to ignore or tolerate this. This is bad business practice in the information age, as company information is a business asset, it has a real value to the business, therefore it needs to be protected, and it can actually be protected.

3 comments:

email encryption service said...

They have to take security measures against data breaching.

DEWHURST TOULSON said...

This is inspiring; I am very pleased by this post. Nice work, thanks for such information.
free dissertation examples

DEWHURST TOULSON said...

This is something special! never seen this before! thank you!!!
dissertation topic