Monday, October 24, 2016

Hacked over Russian hackers?


Are you upset that Russian hackers – possibly operating under the influence of, or even directed by, their government – got into the Democratic Party’s email system?

I’m not.

I’m upset that anyone was able to get into the system as easily as they did.

Any high interest operation such as a major election is going to attract the attention of hackers trying to break in for any of a multitude of reasons. Just as Willie Sutton is going to rob banks, political adversaries or those seeking financial gain will take any advantage they can against their opponents.

It is the responsibility of the people with valuable information to protect it themselves. Once an organization reaches a size, a level of notoriety or importance, or economic or political significance; they must take advantage of professional security experience. An individual who gets hacked may have some losses but won’t necessarily suffer serious economic or reputational disaster. A large business may be able to expend the resources to clean up after they’ve learned their lessons. But the entities in the middle, from a 10-person office to a national volunteer organization could be damaged beyond recovery.

What should a high profile organization like a political party do?

If I were consulting them, the first thing I’d do is sequester the devices and accounts from everyone with a recognizable name. Then I would issue them devices that are known free of any malware and without the most attacked apps. These would route all online activity through the office via VPN where it is protected from interception and filtered. Similarly, their email and messaging will go through a single system with advanced safeguards and appropriate passwords. Finally, social networking will all be posted by public relations personnel. Although there can be accounts in the principals’ names and they may submit posts; they will be vetted and edited, if necessary.

Finally, everyone will attend a class in protecting themselves against attacks from phishing to ransomware and all the online lures. This is because a slip of the finger by anyone from the top dog to the intern – and even the IT staff – can open the entire organization to an attack.

No comments: