NSA Hack Shows It is Only a Matter of Time for the Rest of Us

If the NSA can be hacked...
If the NSA can be hacked...

There’s a good chance that your website has been under attack today. It used to be safe to qualify the preceding statement with “if you’re in a large organization”, but even the smallest sites are under assault with alarming frequency.

Hackers are constantly looking for vulnerabilities, both in technology and in people, that can allow them to penetrate an organization’s systems. Since breaches probably can’t be avoided, work must be done to limit them as much as possible.

The inevitability of being successfully hacked was shown this week with news that an elite hacking team with ties to the National Security Administration was itself hacked, and their hacking tools leaked.   This led Cisco to issue a patch for a vulnerability that had been exploited in the companies Adaptive Security Appliance (ASA) Software that allowed outsiders to monitor and control all data running through a compromised network. It should also lead a lot of people to reevaluate their own IT security stance.

When the NSA’s go-to hackers suffer an extremely damaging breach themselves, it should trigger some self-analysis of your IT security. Importantly, you need to review your plan on both avoiding hacks as well as what to do when you are hacked.

  • Your people need to (finally) commit, without fail, to the basics of data security, including awareness of the social engineering strategies that are utilized to compromise your systems.
  • Are your security and monitoring tools and practices up to date?
  • Are there any vulnerabilities you haven’t patched for?
  • Are there any issues in your code that may create avenues for hackers?
  • How protected are your data center, your servers, your end points, your devices, and all the other ways your infrastructure can be compromised.
  • If (when?) you are hacked, what is your plan for customer communication, internal communication, media relations, and otherwise unwinding yourself from the damage done?

If your organization is not doing these basics, and your policies and best practices about IT security and the aftermath of a potential breach haven’t been reviewed (very) recently, the hacking of the world’s most elite hackers would be a good trigger for you to do so.

 

 

 

Image by U.S. Government (www.nsa.gov) [Public domain], via Wikimedia Commons