Posts

China Hacks Wall Street Journal. Is Your Business Next?

Quick! Name a major international newspaper that wasn’t hacked last week. It might be harder than you think.

Last Wednesday, The New York Times announced on its front page that it had been hacked over the course of four months by state-sponsored cyber criminals in China. The Times said that Bloomberg News had also recently been targeted. The following day, The Wall Street Journal said it too had been infiltrated by Chinese hackers. Next up was the Associated Press, acknowledging similar data security breaches.

According to The Times, it was breached through a spear-phishing attack, after which the hackers uploaded an array of malware to the company network and started stealing email passwords of reporters, editors and other employees.

This all stems from an October 2012 story published in the paper about the family of the Chinese prime minister quietly amassing a multi-billion-dollar fortune in recent years. Apparently, the hackers were looking for sources used in the investigation that might be revealed in the email accounts of Times reporters and editors.

There is a frightening paradigm shift that seems to have happened in the blink of an eye, but in reality has been ongoing for a while now. State-sponsored cyber attacks are more common than most would think, and if a foreign country thinks it can gain an advantage over the U.S. by weakening businesses and entire industries, in addition to monitoring media outlets and exposing confidential sources of journalists, everyone should be concerned.

Ultimately, you can have all the latest high-tech security measures in place, but they won’t mean anything when a simple mistake made by an employee opens up a hole in your defenses big enough to drive a truck through. Password and data risk management, ways to spot and avoid phishing emails, what type of information you shouldn’t store in online accounts – these are just a few of the things employees must be educated on.

You can build a moat around your business, but if a trusted employee accidentally lowers a drawbridge, don’t think for a second nefarious individuals won’t rush right in.

John Sileo is a data security expert and keynote speaker on social media privacy and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Data security dealt another body blow as Twitter gets hacked

About 250,000 Twitter accounts may have been hacked last week. Was yours one of them?

On Friday, the company announced via its official blog that it had reset the passwords for those users after a breach was detected in which email addresses, usernames and encrypted password data may have been accessed by hackers.

The blog post was quick to point out that other companies such as The Wall Street Journal and The New York Times have recently fallen victim to data security breaches as well, though those attacks appear to have been state-sponsored (check back here tomorrow for more on those breaches).

There has been no indication as of yet that the infiltration of Twitter was related to those incidents. However, Bob Lord, the company’s director of information security and author of the blog post, said he does not believe this was an isolated event, and that the attack was sophisticated and “not the work of amateurs.”

Lord also suggested that users disable Java in their Web browsers, seemingly implying that some of the blame for the Twitter breach could lie there.

The bottom line is that the methods used by hackers, whether independent or state-sponsored, are becoming increasingly sophisticated. Are you taking the necessary steps to ensure that your employees are aware of how serious data security and social media risk management are? Are you absolutely certain that no one is using the same password for their personal Twitter account as they are for their login to your company network?

All it takes is for one individual to be either too lazy to care or uninformed, and your whole company could end up paying the price. Seeking out the advice of a data risk management expert is the best move one can make. In the meantime, try implementing a system where employees regularly change their company passwords in an effort to limit windows of exposure.
