The AshleyMadison breach was announced while I was at the airport, on my way home from vacation. My first reaction was “didn’t this happen before?” But then I realized I was confusing it with another adult site breach from a few months ago.
My second reaction was “should I write about this?” I’ve been debating it for a week now, to be honest. The subject matter of the site is a little uncomfortable for me to discuss in a forum like this, but in the bigger picture, I saw it as just another breach. It seems I could spend all of my free time writing about the latest breaches because they are happening with alarming frequency.
So what changed my mind? A comment I heard randomly on the radio yesterday that pointed out this AshleyMadison breach shows that the hackers are in control—not winning, but in control. I thought, “Yes, that’s absolutely correct.” Hackers and cybercriminals are in control because organizations continue to fail at cybersecurity. The bad guys are getting more sophisticated with their techniques, but the truth is, they are able to do what they do with relative ease because they take advantage of the holes left wide open for them. The information is there for the taking, and we now see that they aren’t just taking financial data anymore. They are after intellectual property. They are after personal information. They are willing to reveal the dirty laundry of millions of people all because they can, and organizations continue allow it to happen. As Eric Chiu, president and co-founder of HyTrust, told eSecurity Planet concerning the AshleyMadison hack:
[T]his is a great example of how organizations can now be held hostage and permanently damaged by the own data that they collect.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
As they gain more control, hackers will simply up their game in more dangerous ways. This weekend, news came out that Chrysler was recalling more than a million cars because of fears that they can be hacked into and controlled remotely. A Guardian article showed an even bleaker scenario for Chrysler and other U.S. companies that sell products that are Internet capable:
By 2020 the US will be hit with an earthquake of a cyber-attack that will cripple banks, stock exchanges, power plants and communications, an executive from Hewlett-Packard predicted. Companies are nowhere near prepared for it. Neither are the Feds. And yet, instead of mobilising a national defence, we want a toaster that communicates with the washing machine over the internet.
What should we learn from the AshleyMadison breach? Organizations need to take a good look at what is at risk if they let hackers control their data – what privacy issues may arise? And then, what can they do to prevent the hackers from ruining their business? It’s all about who controls the data, and that’s one thing to which organizations can relate.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba