Monday, July 10, 2006

Remembering the Trojan Horse



Troy remained unconquered for years.

The city exhibited an undoubtedly strong information security chain: surrounding concrete walls, numerous booby traps on the grounds, thousands of armored warriors, and tight security at the entrance. It was quite impressive, but only until the Trojans came onto the scene with their Trojan Horse, the humble statue that brought down even the most secure information security chain.

Information Security

No one can enumerate every way an information security system might be breached. Nor can anyone predict and eradicate all risks from unauthorized use of a company’s confidential information, no matter how well established the company is, how well equipped it is with advanced technology, or even whether it is a top organization in the world.

Indeed, the possibilities of intrusion are endless, and they keep on coming to destroy. This is because an information security system is not necessarily watertight, foolproof, or perfectible. It is an imperfect but effective part of risk management. Through the system we try to avoid the loss of confidentiality of a company’s or client’s documents, which could be used to attack and destroy a company’s reputation and result in financial loss, degradation, and closure.

The Entrance to Troy

We tend to assume that computer systems, whether password protected or anti-hacking enabled, keep us safe from intrusion. That is not enough. It is important to note that information security is everyone’s responsibility. This includes every employee from the top of the organization to the bottom, no matter how low or how high the salary. That involvement requires us to cooperate with the rules being implemented and to report any such activity that we have seen or are about to see.

To have a secure entrance to Troy, employers must also extend the ‘trust’ aspect of information to their employees. How far a company can trust its employees to act with integrity and stewardship in everything they do depends on how it educates them on the issue. Employees must be familiar with the rules and the jurisprudence in general. Moreover, they must know what is expected of them, such as not sharing passwords and not passing confidential information to unauthorized persons, and know all possible disciplinary actions.

The Weakest Link: The Trojan’s Target

It is always laughable when a company leaves all of its information security to password protection, advanced computer systems, and other computer protection software. Yes, these tools are more or less effective, but a company that disregards its employees and clients as people who are also responsible for protecting confidential information creates only a false sense of security. This is a mistake most companies make: treating information security as a technology rather than as a system.

Let me take you back to the City of Troy.

The city (a company) has thousands of warriors (employees). It has a well-protected territory, with surrounding walls and other security tools that its people believe will prevent unauthorized intrusion. It puts its emphasis on adding more anti-intrusion traps and tools around the city (it has tight and secure information security technology, not a system).

A clever lad (a hacker) studied the situation and asked: how could I get into this land?

The clever lad knew that going at the walls, or forcing his way through the entrance by himself, would take time that he was not willing to spare. Instead, he used some of his friends living in the city (lack of integrity of employees). He then realized that the people of Troy were the weakest link.

He had his men build a giant hollow wooden horse and filled it with his warriors. They left the horse near the territory of Troy. A spy convinced the Trojans that the horse was a gift, despite the warnings of other people. The people of Troy accepted it, the horse being a sacred animal of Poseidon in the myths.

The Trojans celebrated, and the warriors hidden in the horse emerged when the city was in a drunken stupor. Once inside, they opened the city gates to allow the rest of the army to enter, and the city was pillaged ruthlessly: all the men were killed, and all the women and children were taken into slavery.

Why was the attack successful?

If we always depend on our computer systems, we can miss the fact that an information security system goes beyond the use of any type of computer technology or, in the case of Troy, beyond its tools. We must be aware that people are always either the weakest or the strongest asset, depending on how they are educated or how they participate in our information security system.

Firewalls and other computer tools are effective, but it is not a good idea to make them the priority when formulating the system. They provide security for the computers but not the totality of security for the real organization. It is therefore of great importance for any information security policy to move beyond software and hardware to employee education schemes.

This should be the actual system by which any organization protects itself from intrusions that would result in the company’s closure and destruction, like the City of Troy. And we don’t want that to happen to us in the future.
