BreachExchange mailing list archives
Big names feel the power of hackers as corporate hotshots go down
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Sep 2015 09:04:50 -0600
http://www.stuff.co.nz/technology/digital-living/71590101/big-names-feel-the-power-of-hackers-as-corporate-hotshots-go-down

Infidelity website Ashley Madison split with chief executive Noel Biderman, after hackers revealed the company that encouraged people to have illicit affairs wasn't very good at keeping its own customers' secrets.

Biderman is the latest in a string of high-profile corporate leaders to lose their jobs amid the fallout of embarrassing cyberattacks - joining the likes of former Sony Pictures Entertainment co-chair Amy Pascal in February and former Target chief executive Gregg Steinhafel last year.

The breaches highlight how hackers not only can blow through a firm's security, the modern foundation of consumer trust, but also threaten enterprises built on discretion - and abruptly end high-powered careers.

Biderman was less known than the other corporate figures, and his company was much smaller. But his downfall has attracted almost as much media attention because of the audacious claims he had made about the benefits of extramarital affairs - as well as the salacious details that spilled out of the hack. Leaked e-mails appear to show that Biderman himself pursued affairs - something he had denied.

The hack also exposed the names, addresses or sexual preferences of 37 million accounts, and it is possible to search the hackers' database for registrations belonging to friends, co-workers, members of Congress or Hollywood celebrities who potentially put their marriages in the hands of a company they hardly knew.

Many analysts and cybersecurity experts expressed doubts that Ashley Madison would survive the hack. They agreed that Biderman had to go.

"We're talking about breaches that can put a business completely under," said Tyler Shields, a senior security analyst at Forrester Research.
"The boards have recognised the risk that comes with a major record-compromising security breach - and when it's elevated to the board level, the ultimate responsibility falls on the CEO."

The prospect of a chief executive losing his or her job over a cyberattack barely registered as a concern a few years ago. But that changed after hackers exposed vulnerabilities at a series of prominent corporations, including Home Depot, Target, Sony Pictures, eBay and the health insurance giant Anthem.

Some companies moved swiftly to hire technology specialists to defend their corporate secrets from spying digital eyes. Salaries for executive technology positions have been soaring. Chief information officers, for instance, are now paid between US$157,000 and US$262,500 a year, according to a recent survey by Robert Half Technologies. That's about a 40 per cent rise from five years ago - an increase greater than what chief executives or chief financial officers experienced, the firm said. The unemployment rate of people who identify themselves as CIOs is 1.7 per cent.

Toronto-based Avid Life Media, Ashley Madison's parent company, did not cite a specific reason for Biderman's departure.

"This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees. We are steadfast in our commitment to our customer base," a company statement said. "Until the appointment of a new CEO, the company will be led by the existing senior management team."

Biderman did not respond to multiple requests for comment through e-mail or through messages left on his cellphone and the phone listed for his home in Toronto.

As chief executive, Biderman had zealously promoted and defended his business since it was launched in 2001. In an interview with last year, Biderman explained Ashley Madison's global reach. Infidelity, he said, is universal.
"You get married, and after a period of time, your sexual attraction to your partner seems to wane," he said. "Both genders do it, even where it is prohibited by law."

Biderman, who is married and has denied ever having an affair, argued that cheating can be good for society - as long as the trysts stay under wraps. As it turned out, his customers' secrets weren't safe with Ashley Madison. Neither, apparently, were his.

The hack exposed e-mails between Biderman and several women in Toronto who sent him sexually explicit messages and arranged to meet him in hotels.

A similar, if less seedy, embarrassment faced Pascal in the wake of the Sony cyberattack - which revealed racially insensitive e-mails in which she joked about President Obama's race and his movie preferences. Pascal apologized for the e-mails, but they were thought by many to have contributed to her downfall at the studio.

Executives are not the only ones who suffer in the wake of these breaches. Among the Ashley Madison account holders who were outed in apparent quests for infidelity were the viral Christian video blogger Sam Rader and former family values lobbyist Josh Duggar.

Ashley Madison is among several relationship sites that hold immensely personal data. Yet many of these companies have been criticised by researchers for lax cybersecurity. Dating sites Plenty of Fish and eHarmony have been breached in the past, although the fallout paled in comparison with the Ashley Madison attack. In May, the data for more than 3 million users of the hookup-oriented Adult FriendFinder site leaked online after a cyberattack, exposing users' sexual preferences and fetishes. Plenty of Fish, eHarmony and Adult FriendFinder did not respond to requests for comment.

Online dating sites can make juicy targets for hackers seeking not only financial data such as credit card numbers, but also material for blackmail, according to Adam Kujawa, head of malware intelligence at the cybersecurity firm Malwarebytes Labs.
The company recently reported that online advertisements on Plenty of Fish were hijacked to spread malware. "It's likely that the attackers were going after users of that site on purpose," Kujawa said.

Researchers also have reported security flaws in dating sites Match.com and OkCupid and the mobile app Tinder, which belong to a subsidiary of IAC. Those issues have been resolved.

"Our users trust us with the most important search of their life, for romance - and we take that very seriously," said Sam Yagan, chief executive of the Match Group.

The Match Group hasn't implemented new security features in the wake of the Ashley Madison breach, he said, but his company has been extra vigilant in reviewing current policies. "If someone breaks into the house next door, you double-check your locks."

He added, "Ultimately the CEO is accountable for everything - whether it's a security breach or anything else that happens to a company."

Forcing senior executives to step down after major security failures may scare others into investing more heavily in digital security, said Shields, the security analyst at Forrester Research.

"For years, it's been a struggle for security experts to get the resources and budget they need," he said. "At the end of the day, everyone is driven by incentives - even negative ones."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/