Blog: Would you really like to end up like Ashley Madison?
I suppose you have read about Ashley Madison and their recent dataloss? It has turned out that the information has been released and the damage for the Ashley Madison is massive to say the least.
[7. oktober 2015] Not only is a truckload of customer information put into the wild with extortion, threats and news exposure flaming up everywhere but even worse (if possible) is the exposure of the business model of Ashley Madison. In a global world where your online presence is analysed in all details the way you conduct your business becomes the only way of gaining the upper hand in a fierce competition.
I conducted a risk analysis for a client a few years back that are in the manufacturing business and they had an incident where a business partner did a lot of documentation on the layout of the factory. A year later they broke the contract and started a manufacturing plant of their own. Again the business model turned out to be of a lot of value.
What should you do to protect yourself? Mainly you have to think along three avenues: Security infrastructure, security policies and security testing.
Security infrastructure is mainly about having the right tools for the right protection. In todays interconnected world with a lot of focus on processes and secure applications there is a tendency to downplay the infrastructure. A lot of the infrastructure today is possible to buy as a service, like Identity as a Service, Network as a Service and similar.
Security policies and compliance schemes are the core of security setting the baseline for the security and decide what needs to be protected. Without a working set of policies you have to rely on so called best practices and that quite often turn out to be the worst practices. To enable a connection between the policy and infrastructure you need to use security architecture as a framework to define your security mechanisms.
The third pillar is security testing. Security is like milk in the sun in August: Fresh when opened but gone bad five minutes later. You have to test that your infrastructure is sound, that your security architecture stand the test of time and last but not least test your applications for security vulnerabilities.
If you haven´t started before it sure is time to start taking cybersecurity serious and get help to sort out the problems. Security is hard and requires trained professionals. If you haven´t got them either hire them or buy security as a service.
Learn more about our Cyber Security Services.
- Jesper KråkhedeCyber Security ansvarlig
+46 (0) 725276587
Jesper KråkhedeCyber Security ansvarlig
+46 (0) 725276587
Jesper er ansvarlig for Capgemini Sogetis Cybersecurity afdeling med over 17 års erfaring med sikkerhedsarkitektur i felten. Han har arbejdet med alt fra penetrationstest og computer forensics til strategisk rådgivning og CSO/CISO.
Jesper har erfaring med sikkerhed og sikkerhedstest fra en lang række sektorer, fra manufacturing, logistik, finans til atom. Hans holdning til sikkerhed er, at det skal være let for slutbrugerne, give værdi for organisationen og være målbart.