Almost every bit of the press coverage around the recent hack of the DNC computer network revolves around politics and Russia. The story usually focuses on who might have done the hacking and what information they might have retrieved.
But for me, as a long-time small business technology consultant, the bigger story is about why so many organizations are reluctant to change their security status quo. In the face of the huge wave of data breaches, ransomware demands and phishing attacks that have been growing in intensity over the past few years, I am mystified about why organizations avoid implementing more safeguards.
Keeping the status quo risks influence, money & reputation.
Putting the entire focus of this event onto the perpetrator ignores the fact that the DNC appears to have been negligent in its security responsibilities. It has been reported that the DNC hired Good Harbor Security Risk Management for $60,000 in September 2015 to do a 2-month security assessment. The assessors found problems ranging from an out-of-date firewall to a lack of advanced malware detection technology on individual computers. They recommended the DNC take special precautions to protect sensitive data such as e-mails. The organization obviously didn’t act on enough of these recommendations in a timely fashion.
It is true that determined hackers are ingenious and constantly finding new ways to infiltrate networks. We have known this for years, but still the foot-dragging by businesses and political party organizations continues. With influence, money and reputation on the line, I don’t see why every organization doesn’t make an optimally secure network a top priority.
Recently James Trainor, assistant director of the FBI’s cyber division, told CNN that they have been encouraging organizations to allocate budgets to enhance their security. These efforts, in addition to daily news stories about breaches, should place this issue at top-of-mind. But all along the line from huge corporations right down to small businesses in Vermont, NOT implementing new measures seems to be the norm.
The security status quo must change or we all face a more perilous and less profitable future in both politics and business.