Is Nothing Sacred Anymore?

It’s unthinkable: hackers targeting that sacrosanct American institution, the sports team? The recent incident in which the Houston Astros’ internal trade discussion were hacked and posted on the Internet shows that, today, no target is off limits.  Jeff Luhnow, GM for the Astros, was quite right when he said: “It’s a reflection of the age we living in. People are always trying to steal information” The main problem that encourages this kind of illegal activity is that it’s really relatively easy.  Nobody thinks the hacker who stole the information from the Astros was heavily funded by a foreign government, or anything like that.  Indeed, it’s quite possible the person or people involved had no more motivation than curiosity, and found it easy to get in. The challenge, of course, is that every business has secrets – how it approaches negotiation, or the pricelist for its upcoming products, or its next quarter of advertising plans.  All that information is useful to others if it’s exposed.  Many businesses like the Astros have treated IT security as a “high end” problem – something for banks, the military, or energy companies to worry about.  But it’s just not possible to operate that way anymore – the risk of corporate embarrassment, or worse, is escalating.  Attackers are finding our complex defenses are badly deployed, badly coordinated, and easy to walk through.  All the attacker needs is persistence, and the search for a forgotten, unlocked “side door” onto the business can be largely automated.  Defenders need to understand all the gaps, and how all the security defenses work together, even if their only target is “good enough” security.  As the Astros have found, the standards of “good enough” are rising rapidly.