Will hack attacks finally become a boardroom issue?
Summary: Lockheed Martin and PBS confirmed that they were hacked as the high-profile security breaches are beginning to pile up. Is it time for CEOs to put security on the front burner?
Oh sure, all chief executives say they value security. Security is one of those things you always value. The disconnect comes when there are shabby security practices riding shotgun with intent.
Among the more notable attacks over the last few months:
- Sony was repeatedly attacked so badly that the company took down its PlayStation Network for days. Rest assured that Sony's costs will only go higher.
- Epsilon was attacked and your email address went along with the bad guys.
- EMC's RSA unit was attacked and lost data.
- And over the weekend, Lockheed Martin confirmed that it was the subject of a highly sophisticated attack.
Meanwhile, it takes little to get hacktivists wound up. PBS was hacked for a Frontline story on Wikileaks. Yup, that's it.
PBS network, server and database details were compromised. The attackers also noted that Tupac was still alive in New Zealand. PBS News Hour's Twitter feed is full of mea culpas and notes about how it was working to get back up to speed. Through Sunday night a group called LulzSec was having its way with PBS. LulzSec said:
Greetings, Internets. We just finished watching WikiSecrets and were less than impressed. We decided to sail our Lulz Boat over to the PBS servers for further... perusing.
The Wall Street Journal said in a report that corporate executives can't afford to take a passive approach to cybersecurity. Well, it's about time. You could never take a passive approach. Passive companies lose data. However, until boards of directors start firing execs over breaches, passive is likely to be the norm.
Here's the larger issue: Few CEOs are well versed in security. They are told the company is secure, but it's not like they can micromanage. Banks, retailers and government contractors know reputations are at stake, but it's time other sectors get with the program too.

Talkback
The problem with good security is...
RE: Will hack attacks finally become a boardroom issue?
This is exactly right. In a lot of cases, you have management or employees that do not want to implement better security because the extra security inconveniences them.
They have to take additional steps to get something done or rights are restricted and they cannot get to data they once could get to easily.
Some people just do not realize that this will come back and bite them in the rear sooner than later.
RE: Will hack attacks finally become a boardroom issue?
One of the biggest issues is the initial cost to upgrade and retrain - in some cases replace.
Trying to argue the cost issues with stock-holders is enough to give anyone a coronary. :(
This is not the first time PBS failed to secure their Open Source Systems
PBS was used to host malware about two years ago
http://www.zdnet.com/blog/security/pbsorg-hacked-serving-malware-cocktail/4359 It appears as if they learned no valuable lessons last time.
This latest exploit at PBS appears to be related to their CMS Movable Type 4. It appears as if hackers reverse engineered a set of patches that were released earlier in the week to take advantage of the exploit.
In addition to the culture of the organization, it is important to select the right solutions. The problem with these niche open source solutions like Plone, Eggg, and Movable Type 4 is the lack of consistency in Quality Assurance.
The myth that if it is open source it is secure because a lot of people review the source code is predicated on the fact that ---- someone with a quality and security background is actually looking at the code and making informed decisions. The reality is that many applications are simply compiled until they run clean and that is it.
I have had zero attacks since upgrading to Plone 4
Plone: The safest CMS on the planet.
I stake my reputation on it.
Reputation?
PBS.org and Linux
RE: Will hack attacks finally become a boardroom issue?
Sounds like you were stating the security triad CIA, but it isn't authorization, it's availability.
RE: Will hack attacks finally become a boardroom issue?
Needs to be more than a boardroom issue
Only when companies are held accountable by law...
Boards and C-level executives of companies that don't properly secure their data (yes, that's you TJX) should be jailed. How about 1 year each per individual they imperiled? At 45.6 Million credit card numbers that ought to be a jail sentence sufficient to make the other corporate criminals take notice and clean up their act.
Of course, now that the US SJC has ruled that companies can buy & sell elections (and therefore politicians) at will it will never happen.... but I can dream can't I?
Regards,
Jon
RE: Will hack attacks finally become a boardroom issue?
My understanding about the Lockheed Martin hack was that they WERE going after proprietary data in that case.
RE: Will hack attacks finally become a boardroom issue?
Can you really blame PBS for an exploit patch that was released just last
Yes, companies should secure their data and any data that they hold on behalf of external individuals, but I am not sure everyone can afford a security crew 24/7 to monitor their stuff (like LM can).
RE: Will hack attacks finally become a boardroom issue?
Executives value security...
Race-to-the-bottom IT salaries
RE: Will hack attacks finally become a boardroom issue?