Did the title get your attention? The spectacle of a salacious story has kept the security breach of adult website Ashley Madison (AM) in the news longer than most breaches of this size.
However, the media fixation has brought the problems of breaches to light – and this breach is a touchstone for a number of troubling trends that cybersecurity experts are witnessing.
Today’s guest blogger, Charles Hoff, CEO and Co-founder of PCI University, explores the implications of this breach.
- Activism: Hackers may view themselves as more than economic mercenaries and target companies to make what they perceive to be a moral or political statement. A group calling itself The Impact Team disapproved of AM’s immoral posture and was intent on shutting down the This may have far-reaching implications as it is expected that hackers will soon be targeting non-profits and political-based organizations that they dislike.
- National Security: As it has been reported that members of our armed forces and government officials were AM clients, government authorities are concerned that hackers may try to compromise these individuals and our National It is not unusual for foreign hackers to focus on any institution which may contain data relating to government officials, military personnel or government contractors.
- Class Action Claims: The plaintiff’s bar rarely misses an opportunity to spot a lucrative trend where they can represent thousands of clients suffering a claim due to the company’s failure to protect their Legal commentators predict that AM victims will line up to participate in class action cases like they have with other breached companies like Home Depot, notwithstanding additional embarrassment AM’s clients may endure related to their infidelities.
- Extortion/Blackmail: Hackers are becoming more aggressive in how they confront and interact with breach victims. With AM there have been confirmed cases of extortion of the company’s clients. This has likewise been a concern with other high-exposure breaches in which employee or contractor background reports consisting of sensitive information have been accessed. In other cases, hackers have planted ransomware which locks up a victim’s computer while demanding that the victim pay a ransom through online payment methods in order to restore their data.
- C-Level Termination: As has been the case with Target and so many other companies, AM’s CEO and senior executives are being held accountable by their Board and stakeholders. AM’s CEO Noel Biderman is just the latest executive to be terminated for failing to take the proper security measures to protect his company from breaches.
The takeaway from Ashley Madison should be to avoid viewing their breach as merely an entertaining sideshow, and instead to recognize how hackers are branching out and encroaching on almost any type of enterprise that happens to have confidential data. Hackers’ motivations are diverse and the damage they cause can be pervasive, insidious, and far from predictable. The smartest move an enterprise’s senior team can make is to learn how to best protect its stakeholders and customers by implementing:
- Point to Point Encryption
- Tokenization
- EMV
- Employee PCI/data security training.
Security measures may not have much salacious appeal, but they are far better than making provocative headlines for the wrong reasons.
Charles Hoff is the CEO and Co-Founder of PCI University, an innovative online platform geared towards helping Small and Mid-sized business owners and franchisors/franchisees to understand the complex issues of PCI DSS in plain English. PCI University’s patented and customizable PCI-Q assessment tool has been developed for non-technical users and its animated educational features are offered to card processor merchant customers as well as chain and franchise operators seeking to ensure PCI education and awareness across their enterprises.