The security industry has reacted to the Ashley Madison data breach, with key figures offering their advise on how your business can avoid a similar situation.
Last month, Avid Life Media (ALM), the company behind the affair-encouraging website Ashley Madison, was a victim of a successful cyber attack relating to the personal data of its 37 million users. The firm has now become a victim once again with reports that 9.7 gigabytes of customer data stolen from the dating site has been released on the dark web.
“Consumer trust in a business has never been so critical,” commented Matt Newing, CEO of Elitetele.com. “Today’s reports demonstrate the need for customers to feel confident that their financial and sensitive details are safe when parting with them. The bottom line is, if the public does not trust your brand, they aren’t going to give you their custom.”
Recent research by Elitetele.com found that four in five consumers aren’t confident that their financial information is secure when dealing with big brands. In addition to this, a third didn’t believe their data is more safe today than it was five years ago.
“Businesses need to ensure they have the correct technologies in place to protect consumer data so it can proactively communicate its security to its customers, earn their trust and therefore safeguard the growth of the business. One initial, simple step a business can take is to ensure they are PCI compliant,” added Newing.
Blue Coat said that it predicted the cyber attacks on ALM and believes there is more to come.
“Now that more than nine gigabytes of data has been released, they may begin to look at the financial value of a target to see if they will profit from the time spent building malware for the attack. This data is most likely to be amongst some of the most valuable data set compromised so far. If it is worth $100 to ‘go away’ and there are 37 million users, this could be one of the largest cyber heists in history,” declared the firm.
“Not all of the personal data of Ashley Madison users has been released, therefore cyber attackers may go directly to the management, or to the individual users of Ashley Madison and ask for a payment for the release/deletion of personal data,” added Blue Coat.
The security firm also suggested that if attackers can identify high value targets who are members of Ashley Madison, they may work on collecting social media data to impersonate the victim over a long period of time. If successful, attackers can gain unrestricted access to corporate networks and sensitive work information.
WatchGuard’s CTO, Corey Nechreiner, told us that the sheer scale of the compromise is what is most worrying about the data breach: “Information stolen could lead to any number of hackers extorting money and blackmailing users for the rest of their lives.”
Nechreiner’s advice for other businesses is to make sure they implement discovery-and-response tools so that they can immediately see and handle the incidents that get past their gates.
“At the route of these exploits, I am reminded of the advice I regularly give to kids. At a very basic level, do not put anything online you wouldn’t be happy to see on the front page of the newspaper on your grandmother’s coffee table.
“The internet is forever, no matter who you trust with your data,” he concluded.