The Real Lesson from Ashley Madison: Don’t Cheat on Your Security
August 24, 2015
“Anything you say can and will be used against you.” It’s a familiar phrase we often here on police dramas. It’s also the best advice I’ve heard yet concerning data on the Internet. We’ve seen large businesses from TJ Maxx and Target to JP Morgan Chase and Anthem suffer massive data breaches. Even the US government can’t adequately protect its data, fighting WikiLeaks.
And yet we all seem shocked when a website that facilitates extramarital affairs gets hacked. Let’s be clear. Ashley Madison was a tempting target with its ‘affair guarantee.’ Which implies your information will be kept secret. Even as of today (Monday, August 24, 2015), the site still claims “100% Discreet Service” on its homepage, next to an icon boasting a “Trusted Security Award.” No details on what the award is, however.
This is not a discussion about morality or the salacious details of prominent figures with an Ashley Madison account. It’s about security and protecting sensitive data. The fact that hackers got credit card details from major retailers, sensitive healthcare information from insurance companies and even highly confidential government secrets was not enough to sound the alarms. It’s interesting that Ashley Madison is the wakeup call.
So what can we learn?
It’s like my PR team tells me (constantly): “Nothing is off the record. If you say it, expect it to be published.” That’s a great way to view your data too. Hackers only get better with time and as the steady stream of high profile data breaches demonstrate, industry is struggling to keep apace. In fact The Impact Team, the hackers responsible for the Ashley Madison breach, claim it was easy and state that the business had little security in place.
The lesson is that nothing on the Internet is 100 percent secure. If someone wants to access to it badly enough, they’ll find a way. It’s not that different from home security. We put locks on doors, knowing that if someone really wants to break in, they can. The point is to make it difficult enough that it is no longer worth the effort to break in. Internet security is similar. We can hide information, making it more challenging to access and hopefully provide enough of a deterrent that hackers won’t even bother.
Even as new technologies emerge, hackers will find a by-pass. Think back to home security. Add video cameras and a security system to the locks on the door and you are more secure. And yet burglars can still find a way in if the incentive is high enough. Again, it’s the strategy of making it so difficult that a burglar – or hacker –will simply move on to the next target.
Which brings us to the next point. Don’t make yourself a target! Knowing that security measures are never fail-proof, the best way to protect your data is to not call attention to it in the first place. Ashley Madison was tempting, though not likely as lucrative as other businesses.
Of course any business that collects sensitive customer data will always be a target. They should avoid bold security claims and focus on the best possible deterrents to keep would-be hackers away. They should also have a contingency plan in place for when they do get hacked. Getting caught by surprise is no longer a valid excuse. In today’s proliferating security race, the only constant is that getting hacked at any time is a real and very probable outcome.