What does the Ashley Madison hack mean for CIOs?
The scary nature of the Ashley Madison breach has some important lessons for CIOs everywhere.
It used to be that hacking was all about credit card data and identify theft. What Ashley Madison and Sony before it have shown is that breaches are now evolving – and focused on embarrassment.
All it takes is one disgruntled customer that has skills to breach your security for skeletons to come out of the closet. For public companies this could lead to hackers disclosing or using information to impact the company’s stock price. A single email about performance or strategy made public could significantly shift a stock price and become a legal nightmare in terms of corporate disclosure compliance.
Beyond this there are the embarrassing emails, potential merger and acquisition discussions, personnel files and disciplinary procedures.
We can all laugh at those that decided to sign up to Ashley Madison but to dismiss the risk of a breach as something that wouldn’t impact us is naïve. I am certain that if someone had enough data on my company it would lead to some form of embarrassment that could lead to our brand being diluted.
This threat, coupled with a driving directive to make information and services more accessible and mobile friendly to customers, we are creating a world where our data can be used against us and our customers at an ever alarming rate. Blackmail, embarrassment, corporate espionage and unauthorized disclosures – this is the new Wild West for hackers and I expect it will become the new norm.
It is unfortunate because I suspect that CIOs have been caught looking the other way and spending money on protecting credit card data and leaving company information and communications exposed to potential breaches. Furthermore, the ability to control, protect and secure the huge amount of data we have, not to mention understanding what could be used to exploit and manipulate a company is in my view unmanageable.
After Sony and Ashley Madison other businesses will be sure to follow and the next wave of sophisticated attacks will be targeted not against company’s customers but rather against companies themselves.
We have neither the tools nor the strategy to manage this type of breach and behavior. If asked by my CEO today if we can suffer similar embarrassment and exposure I would have to say yes and would be misleading if I said no. I cannot even evaluate what the risk is let alone secure it. With credit cards and personally identifiable information it was simple, I knew where the information was and could put in defenses to secure it.
With this new threat I lack visibility over what to secure and what to track to ensure that I can prevent information leaking from my organization which could then expose the company to embarrassment. What Ashley Madison means to CIOs is fear and unfortunately I have no answers to mitigate it: do you?
The Naked CIO is an anonymous technology executive.
More from the Naked CIO
This article –