By now I’m sure you have heard the news that the Democratic National Committee (DNC) was hacked and files filled with dirt about Donald Trump were stolen. A Russian hacker has taken credit for the breach, and the files were leaked.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iThere are a couple of possibilities on how the hackers gained entry to the DNC network, according to Wired. One of the two groups allegedly involved in the hack prefers to use spearphishing campaigns, while the other tends to use spoofed websites to steal credentials.
I decided to write about this particular breach because I see it as a warning to businesses and organizations. The breach shows just how easy it is to fool users into making a mistake (clearly, someone didn’t verify the authenticity of a link before clicking on it), how easy it is for hackers to linger inside your system until they gather the information they want, and then when they have it, how easy it is to manipulate the information. As Eric Lundbohm, CMO with iSheriff, said to me in an email comment:
The recent breach of the network of the Democratic National Committee is another reminder of the unfortunate fact that security breaches not only have real costs, but can actually play a role in changing our history. The stakes have been raised, but somehow our defenses have not.
I’m not sure how much history is going to be changed with this particular document release. Everything I’ve seen so far is old news. But I see Lundbohm’s point. Breaches can alter the future. For example, they can do major harm to one’s business: One day your company is thriving and then a breach occurs, and you’ve lost most of your customer base. Intellectual property theft has given other countries and companies the blueprints to military R&D and all types of innovations. We get caught up in the idea that high-profile breaches are about stolen credit card data or PII. That’s not always the case.
According to Joseph Carson, head of Global Strategic Alliances at Thycotic, the only way we’re going to be able to prevent these intrusions and theft-by-Internet is to make cybersecurity a top priority:
These specific data breaches are typically carried out by what we call patriotic hackers who are performing malicious activity on behalf of Russia. What makes them successful is nothing more than simply being targeted attacks with a goal in obtaining sensitive information though typically without any consequences in doing these malicious activities.
The DNC hack is a high-profile example of what can happen if cybersecurity isn’t taken more seriously, starting with the basic education and training for every single person who has access to the network. As we see, there is a reason why targeted attacks work and the amount of damage they can do.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.