Security and Child’s Play

I cannot tell you how many times when I was working with clients. Even the largest most sophisticated companies. Companies with strong talented people, a responsible culture companies with a very professional IT staff. I would come across some of the most egregious missteps in cyber security take a look here. I would see things like common passwords, open databases, proprietary information stored on test systems without any protection. It always amazes me. A few days ago the notorious founder of WikiLeaks the dissemination site for hacked data from around the world, Julian Assange did an interview on Fox News. What he said was eye opening. Everything he says is always eye opening. This was no different. That’s his business opening eyes.  At this point in time, the big thing in the news is the leaked information from Presidential candidate Hillary Clinton and how it affected the election. Now I am not political and I do not have a dog in this fight. I am speaking purely from a data security view. The way the Clinton campaign treated their data was unforgivable.

Why Did They Do This?

If I had an $80,000 Mercedes and parked it in the worst neighborhood I could find and left the keys in it. You would say I deserved to get my car stolen, it was a dumb move. It would still be a crime and it should not occur but you would admonish me for not taking at least a little bit of care. And you would be right. Well, what John Podesta and the DNC did was worse than this. Julian Assange said the hacking of John Podesta’s emails is hardly a hack. Podesta’s email password was. Wait for it: “password”. This is what we call in the data security world a very soft target.  Julian Assange said an elementary school kid could have broken in. The hackers used attacks called spear fishing attacks and malware to infiltrate the DNC servers. Neither one of these exploits is particularly sophisticated or hard to defend against. If you just did the basic and employed good next generation firewalls and used encryption on your emails both of these could have been prevented.

The Other Side

On the other side of the race, the opposing party the republicans had better protection on their servers and the same exploits were tried on them and repelled. Just some basic security precautions could have prevented this fateful breach. I talk often about how even the most basic protections can save you from the type of damage that Hillary Clinton and the DNC have experienced.  The stakes on this egregious attack are about as high as they get. Do you not think you have basic security holes in your companies’ system right now? Are you sure? I wouldn’t bet on it. It is better to know for sure and at the very least cover yourself from the most basic attacks. If you are not absolutely certain, you should get an audit to know where you stand. Then you can make the right decision.

Leave a Reply

Your email address will not be published. Required fields are marked *