{"id":393,"date":"2015-10-20T16:25:07","date_gmt":"2015-10-20T15:25:07","guid":{"rendered":"http:\/\/swivelsecure.com\/?p=393"},"modified":"2019-01-17T10:02:35","modified_gmt":"2019-01-17T10:02:35","slug":"life-is-short-protect-your-data","status":"publish","type":"post","link":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/","title":{"rendered":"Life is short. Protect your data."},"content":{"rendered":"<p><em>Chris Russell, CTO, Swivel Secure<\/em><\/p>\n<p>In November 2014, Ashley Madison, a notorious website that facilitates extramarital affairs, boldly claimed that it was \u2018the last truly secure space on the internet\u2019.<\/p>\n<p>In July 2015, a group of hackers announced that it had obtained the account details of 32 million users and demanded that the website, and its parent company Avid Life Media, immediately cease trading. Avid Life Media did not comply, and in August, the hackers released over 20GB of deeply personal, compromising data.<\/p>\n<p>Three months down the line, the fallout from the leak still continues to rumble on. It may not be the largest of data breaches, but the nature of the website means that it has been one of the most damaging.<\/p>\n<p>The whole affair, to pardon the pun, is such an omnishambles that it is hard to know where to even begin. Put it like this, if Ashley Madison was the last truly secure space on the internet, we all might as well go home.<\/p>\n<p>The central failing by Avid Life Media was the fact that cybersecurity simply was not taken seriously enough. Senior executives recognized that a data breach would be catastrophic, and were concerned about a \u2018lack of security awareness across the organisation\u2019. Yet, security was seen as \u2018an afterthought\u2019 to business concerns. One employee recommended utilising encrypted messaging. The response? \u2018What\u2019s the business opportunity?\u2019 Data breaches suffered by other similar sites, were not taken as wake-up calls, but rather as PR opportunities to boast \u2018how much better our site\u2019s ratio of men to women is\u2019.[1]<\/p>\n<p>At best, this laissez-faire attitude implies a fundamental misunderstanding of the need to take a risk-based approach to security. At worst it suggests that the firm wilfully chose to ignore \u2018risk\u2019 entirely.<\/p>\n<p>Taking a risk-based approach isn\u2019t rocket science. It involves assessing the risk associated with a particular threat, working out how much damage it could cause the business and applying strict policies that are commensurate with its potential to damage the firm. In this case, the risk was clearly high, given that hackers had already attacked other dating sites, so surely Ashley Madison recognised that a breach would be catastrophic, yet it did nothing to mitigate the chances of a breach.<\/p>\n<p>There are exceptions to the rule, but this isn\u2019t one of them. Occasionally there is a place for a risk based decision not to apply mitigations to a high risk threat \u2013 if there are bona-fide business reasons not to do so, for example. This circumstance is rare, however, and should never apply to a high risk threat where the potential outcome is \u2018catastrophic\u2019.<\/p>\n<p>What Ashley Madison did do was follow several poor internal policies. A striking fact about the breach is that although users\u2019 passwords were encrypted (that this was done badly is for another blog on another day), other tantalisingly incriminating details such as names, addresses, credit card details and sexual preferences were all stored in plain-text on the company database.<\/p>\n<p>On a website as compromising as Ashley Madison, it seems inconceivable that nobody recognised that the personal details of its users should also be encrypted, never mind that it also fails to be PCI-DSS compliant. Even the hackers admitted said they couldn\u2019t believe their luck. This inability to recognise the value of its own data is indicative of an organisation that had no considered cybersecurity strategy.<\/p>\n<p><strong>Don\u2019t get caught with your trousers down<\/strong><\/p>\n<p>So, what can we learn from the Ashley Madison hack?<\/p>\n<p>At the heart of the issue is the fact that the value of data is inherently contextual. In may be tempting to assume that the data\u2019s main value is financial. So that, for example, credit card details are more important than names and addresses. In this case, however, it\u2019s a fairly safe bet that Ashley Madison\u2019s customers valued the confidentiality of their names and addresses over their credit card details. As a consequence, a one-size-fits-all approach to cybersecurity is simply no longer adequate.<\/p>\n<p>It is imperative, therefore, that IT and IS departments take a holistic view of their entire enterprise, assess what is \u2018business-critical\u2019 and then apply risk assessments and strict policies that must be adhered to at all levels. This will enable them to implement measures that work best for their individual business structure, rather than hoping that a generic approach will be sufficient. Because one thing is for sure; it won\u2019t be.<\/p>\n<p>If you would like to discuss your multi-factor\u00a0authentication needs, please\u00a0<a href=\"http:\/\/swivelsecure.com\/contact\/\">Contact us<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chris Russell, CTO, Swivel Secure In November 2014, Ashley Madison, &hellip;<\/p>\n","protected":false},"author":2,"featured_media":395,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-393","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.1 (Yoast SEO v22.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Life is short. Protect your data.<\/title>\n<meta name=\"description\" content=\"In July 2015, Ashley Madison, a website that facilitates extramarital affairs, was hacked with account details of 32 million users released in a damaging data breach.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Life is short. Protect your data.\" \/>\n<meta property=\"og:description\" content=\"In July 2015, Ashley Madison, a website that facilitates extramarital affairs, was hacked with account details of 32 million users released in a damaging data breach.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/\" \/>\n<meta property=\"og:site_name\" content=\"Swivel Secure\" \/>\n<meta property=\"article:published_time\" content=\"2015-10-20T15:25:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-17T10:02:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Victoria Laws\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Victoria Laws\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/\",\"url\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/\",\"name\":\"Life is short. Protect your data.\",\"isPartOf\":{\"@id\":\"https:\/\/swivelsecure.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg\",\"datePublished\":\"2015-10-20T15:25:07+00:00\",\"dateModified\":\"2019-01-17T10:02:35+00:00\",\"author\":{\"@id\":\"https:\/\/swivelsecure.com\/us\/#\/schema\/person\/7274c28d94b87023fa167c9c671de514\"},\"description\":\"In July 2015, Ashley Madison, a website that facilitates extramarital affairs, was hacked with account details of 32 million users released in a damaging data breach.\",\"breadcrumb\":{\"@id\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#primaryimage\",\"url\":\"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg\",\"contentUrl\":\"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg\",\"width\":2560,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swivelsecure.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Life is short. Protect your data.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swivelsecure.com\/us\/#website\",\"url\":\"https:\/\/swivelsecure.com\/us\/\",\"name\":\"Swivel Secure\",\"description\":\"Protecting Identities with Intelligent Authentication\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swivelsecure.com\/us\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/swivelsecure.com\/us\/#\/schema\/person\/7274c28d94b87023fa167c9c671de514\",\"name\":\"Victoria Laws\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/swivelsecure.com\/us\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6c7ce2426c633d5b5c12fa9b2e91b75118f14d592801fb2b91b42b1598814d1f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6c7ce2426c633d5b5c12fa9b2e91b75118f14d592801fb2b91b42b1598814d1f?s=96&d=mm&r=g\",\"caption\":\"Victoria Laws\"},\"url\":\"https:\/\/swivelsecure.com\/us\/blog\/author\/v-laws\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Life is short. Protect your data.","description":"In July 2015, Ashley Madison, a website that facilitates extramarital affairs, was hacked with account details of 32 million users released in a damaging data breach.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/","og_locale":"en_US","og_type":"article","og_title":"Life is short. Protect your data.","og_description":"In July 2015, Ashley Madison, a website that facilitates extramarital affairs, was hacked with account details of 32 million users released in a damaging data breach.","og_url":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/","og_site_name":"Swivel Secure","article_published_time":"2015-10-20T15:25:07+00:00","article_modified_time":"2019-01-17T10:02:35+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg","type":"image\/jpeg"}],"author":"Victoria Laws","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Victoria Laws","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/","url":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/","name":"Life is short. Protect your data.","isPartOf":{"@id":"https:\/\/swivelsecure.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#primaryimage"},"image":{"@id":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#primaryimage"},"thumbnailUrl":"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg","datePublished":"2015-10-20T15:25:07+00:00","dateModified":"2019-01-17T10:02:35+00:00","author":{"@id":"https:\/\/swivelsecure.com\/us\/#\/schema\/person\/7274c28d94b87023fa167c9c671de514"},"description":"In July 2015, Ashley Madison, a website that facilitates extramarital affairs, was hacked with account details of 32 million users released in a damaging data breach.","breadcrumb":{"@id":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#primaryimage","url":"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg","contentUrl":"https:\/\/swivelsecure.com\/us\/wp-content\/uploads\/sites\/2\/2015\/10\/upward_building_perspective_purple.jpg","width":2560,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/swivelsecure.com\/us\/blog\/2015\/10\/20\/life-is-short-protect-your-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swivelsecure.com\/us\/"},{"@type":"ListItem","position":2,"name":"Life is short. Protect your data."}]},{"@type":"WebSite","@id":"https:\/\/swivelsecure.com\/us\/#website","url":"https:\/\/swivelsecure.com\/us\/","name":"Swivel Secure","description":"Protecting Identities with Intelligent Authentication","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swivelsecure.com\/us\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/swivelsecure.com\/us\/#\/schema\/person\/7274c28d94b87023fa167c9c671de514","name":"Victoria Laws","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/swivelsecure.com\/us\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6c7ce2426c633d5b5c12fa9b2e91b75118f14d592801fb2b91b42b1598814d1f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6c7ce2426c633d5b5c12fa9b2e91b75118f14d592801fb2b91b42b1598814d1f?s=96&d=mm&r=g","caption":"Victoria Laws"},"url":"https:\/\/swivelsecure.com\/us\/blog\/author\/v-laws\/"}]}},"_links":{"self":[{"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/posts\/393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/comments?post=393"}],"version-history":[{"count":0,"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/posts\/393\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/media\/395"}],"wp:attachment":[{"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/media?parent=393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/categories?post=393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swivelsecure.com\/us\/wp-json\/wp\/v2\/tags?post=393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}