Will hack attacks finally become a boardroom issue?

Lockheed Martin and PBS confirmed that they were hacked as the high-profile security breaches are beginning to pile up. Is it time for CEOs to put security on the front burner?

Oh sure, all chief executives say they value security. Security is one of those things you always value. The disconnect comes when there are shabby security practices riding shotgun with intent.

Among the more notable attacks over the last few months:

Meanwhile, it takes little to get hacktivists wound up. PBS was hacked for a Frontline story on Wikileaks. Yup, that's it.

PBS network, server and database details were compromised. The attackers also noted that Tupac was still alive in New Zealand. PBS News Hour's Twitter feed is full of mea culpas and notes about how it was working to get back up to speed. Through Sunday night a group called LulzSec was having its way with PBS. LulzSec said:

Greetings, Internets. We just finished watching WikiSecrets and were less than impressed. We decided to sail our Lulz Boat over to the PBS servers for further... perusing.

The Wall Street Journal said in a report that corporate executives can't afford to take a passive approach to cybersecurity. Well, it's about time. You could never take a passive approach. Passive companies lose data. However, until boards of directors start firing execs over breaches, passive is likely to be the norm.

Here's the larger issue: Few CEOs are well versed in security. They are told the company is secure, but it's not like they can micromanage. Banks, retailers and government contractors know reputations are at stake, but it's time other sectors get with the program too.

  • The problem with good security is...

    that good security is hard to deploy. Not because the practices themselves are difficult, but because political climates seem to prevent good practices from going into play.
    • RE: Will hack attacks finally become a boardroom issue?

      @xioc1138 "but because political climates seem to prevent good practices from going into play."

      This is exactly right. In a lot of cases, you have management or employees that do not want to implement better security because the extra security inconveniences them.

      They have to take additional steps to get something done or rights are restricted and they cannot get to data they once could get to easily.

      Some people just do not realize that this will come back and bite them in the rear sooner than later.
      • RE: Will hack attacks finally become a boardroom issue?

        One of the biggest issues is the initial cost to upgrade and retrain - in some cases replace.
        Trying to argue the cost issues with stock-holders is enough to give anyone a coronary. :(
    • This is not the first time PBS failed to secure their Open Source Systems


      PBS was used to host malware about two years ago
      http://www.zdnet.com/blog/security/pbsorg-hacked-serving-malware-cocktail/4359 It appears as if they learned no valuable lessons last time.

      This latest exploit at PBS appears to be related to their CMS Movable Type 4. It appears as if hackers reverse engineered a set of patches that were released earlier in the week to take advantage of the exploit.

      In addition to the culture of the organization, it is important to select the right solutions. The problem with these niche open source solutions like Plone, Eggg, and Movable Type 4 is the lack of consistency in Quality Assurance.

      The myth that if it is open source it is secure because a lot of people review the source code is predicated on the fact that someone with a quality and security background is actually looking at the code and making informed decisions. The reality is that many applications are simply compiled until they run clean and that is it.
      Your Non Advocate
  • I have had zero attacks since upgrading to Plone 4

    OK, I am not exactly a desirable target but there is no better CMS from a security standpoint than Plone.

    Plone: The safest CMS on the planet.

    I stake my reputation on it.
    Dietrich T. Schmitz, *~* Your Linux Advocate
    • Reputation?

      @Dietrich T. Schmitz The one you have on these boards?
  • PBS.org and Linux

    Shocking! http://toolbar.netcraft.com/site_report?url=http://www.pbs.org

    Anything can be attacked. Anything! What you need to ask yourself is what controls you have in place to ensure your systems' confidentiality, integrity and availability remains secure. Because anything can be safely secured. Anything. What we will find out here is that PBS probably did something silly security-wise.
    Your Non Advocate
    • RE: Will hack attacks finally become a boardroom issue?

      Sounds like you were stating the security triad CIA, but it isn't authorization, it's availability.
      • RE: Will hack attacks finally become a boardroom issue?

        @tiderulz my bad.
        Your Non Advocate
  • Needs to be more than a boardroom issue

    We need to find these people and prosecute. These guys have Twitter accounts so they can brag about their misdeeds, and nobody can find them? Really? Sounds like we aren't really trying. If we put even 0.01% of the effort of finding these people that we put into the Middle East wars I'd bet we'd find them in no time. And I'll bet it could be done without a Patriot Act that infringes on everyone else's freedoms.
    Michael Kelly
  • Only when companies are held accountable by law...

    will they give a single solitary thought to security. Note that their proprietary data is NEVER what is stolen: no, that is secured. It's always your financial information (the customer's and vendor's) that is stolen.

    Boards and C-level executives of companies that don't properly secure their data (yes, that's you TJX) should be jailed. How about 1 year each per individual they imperiled? At 45.6 Million credit card numbers that ought to be a jail sentence sufficient to make the other corporate criminals take notice and clean up their act.

    Of course, now that the US SJC has ruled that companies can buy & sell elections (and therefore politicians) at will it will never happen.... but I can dream can't I?

    • RE: Will hack attacks finally become a boardroom issue?


      My understanding about the Lockheed Martin hack was that they WERE going after proprietary data in that case.
      Michael Kelly
  • RE: Will hack attacks finally become a boardroom issue?

    Man, just think, if we can get the Corporate Zombies and the Hackers to hack each other out of existence, then no more computers, software and we can all quit wasting our time
  • Can you really blame PBS for an exploit patch that was released just last

    week? Many companies test for weeks before they just deploy a patch. Obviously they should be on a tighter track for front facing applications, but one week really isn't that far out.

    Yes, companies should secure their data and any data that they hold on behalf of external individuals, but I am not sure everyone can afford a security crew 24/7 to monitor their stuff (like LM can).
    • RE: Will hack attacks finally become a boardroom issue?

      @Been_Done_Before --- Security USED to mean "Put it in a SAFE place".... or "Lock it down". Seems that today's "experts" have a significant misunderstanding of what defines a safe place with limited accessibility! Lazy putts compromised our national security.
  • Executives value security...

    ...until you tell them you're pulling admin rights from their workstations (or... one of their underlings whines about being locked down).
  • Race-to-the-bottom IT salaries

    The corporate world has long been trying to figure out how to make IT like an intellectual factory, with low-cost, quickly-trained, easily-replaceable labor. They have deliberately fired and sidelined experienced IT workers who need to be retrained in the newest technologies. As a result, we now have a world filled with 22-year old, three-year wonders who know how to use tools, in a superficial, tricky way, but do not have the skill depth that comes with a decade or two of experience. Until the corporate CEOs accept the fact that IT is a profession, and that workers over 35 are not a liability, not only security, but bad customer experiences and poorly managed operations will continue to plague them.
  • RE: Will hack attacks finally become a boardroom issue?

    It should have become a mantra by now: "convenience breeds carelessness"... It was convenient for boardrooms to ignore security issues, putting full trust in their IT staff. But as history proves over & over, that is way too careless. TRUE security will be to separate all sensitive information from any kind of public (AKA Internet) access. Yes, it becomes an "inconvenience" and might even argue for "lower productivity", but what is the cost of a security breach???