The Ashley Madison security breach highlights a growing and troubling trend in cybersecurity. Unlike most headline-making security breaches – e.g., Target, Anthem, Home Depot – the motivation of the hackers of the online ‘dating for cheaters’ site was not money, but rather a protest of the controversial nature of the business itself.

You may think your business sits safely on a moral high ground, but every business should note the risk implications in this high-profile example of a purpose-driven cyber-attack, often called hacktivism.

Indeed, this incident brings to mind a scene from The Godfather Part II in which mobster Michael Corleone says his father taught him to “keep your friends close but your enemies closer.”

All businesses strive to beat competitors. But business competitors and socially or personally motivated enemies do not pose the same data security risks. That’s the basis of the reality-check moment in this new, scandalous cyber-attack.

 

No Business is Safe from Hacktivism

Regardless of the moral or legal questions raised by the Ashley Madison hack, businesses should examine, via an enterprise risk assessment, their overall stakeholder environments to identify potential hacktivism risks. Examples could be disgruntled employees; distinctly unhappy customers; neighborhoods, communities, organizations, or partners negatively impacted by your business. Be on the lookout for people or groups with an ax to grind and technical skills.

Informed by this analysis, your security team can shore up specific related areas of weakness, as well as refine overarching and strategic security measures. While you cannot control the actions of determined hacktivists, you can take extra steps like those listed below to help avoid becoming their target and fend them off.

  • What’s my motivation? Businesses should be asking this question. Take an inventory of business-related activities and practices that could be potential motives for hacktivists.
  • Listen up! Keeping your enemies close requires listening to them, and in this context, that means monitoring online conversations such as comments and social media for hints and warnings relevant to your business and its areas of potential controversy.
  • Don’t shoot elephants. Weigh the impact that highly visible activities you and your employees engage in could have on external stakeholders. In addition to avoiding a PR crisis and reputation damage, you’re less likely to get the attention of sophisticated hackers on a mission.
  • Feeling vulnerable? Having the right security monitoring tools in place is not enough. Your team must be fully trained to manage the vulnerabilities – to understand the technical solutions and fixes needed to address weaknesses.
  • Data security 101. The basics of security are designed to make life difficult for hackers, whatever their motivation. This includes strong password policies, two-factor authentication, and training to help employees avoid being duped by clever social engineering schemes.

The emerging serious consequences of the Ashley Madison hack are yet another wake-up call for businesses regarding the growing complexity and variety of data security risks. Evolving technology, stakeholder concerns, and business dynamics combine to create a constant swirl of potential trouble.

That’s why eternal vigilance – keeping your enemies close – is required to protect your business from hacktivists looking to address their grievances by attacking and exposing your data.