Thursday, June 18, 2015

Hack Me Out To The Ballgame. Cyber Attacks a Game Changer.

There is little question that cyber security is more important than people ever imagined it would be. Just a few short years ago, having up-to-date firewalls and anti-virus software was considered more than enough protection for most companies and organizations. Today, however, C-Level Executives are faced with a new, more simplified information security-focused raison d'etre: "Keep us out of the news."
A recent report indicates that cyber-attacks increased by 48% in 2014 alone, and that number has rapidly increased through 2015. In addition, almost every major company (whether in retail, sports, entertainment or even the Federal government) has faced at least one cyber-attack in their past; if successful, those cyber-attacks yield damages in the millions to billions of dollars, as well as create public relations nightmares.  

Hack me out to the Ballgame

The most recent negative headlines involve America’s Pastime. The St. Louis Cardinals, with the best record in baseball this year and a perennial playoff contender, are under investigation by the FBI and Justice Department for hacking into the Houston Astros database (called Ground Control) to garner closely guarded information about the inner workings of the Astros front office, and specifically General Manager Jeffrey Luhnow.
The biggest question is: why would one of the most successful franchises over the past 20 years want to steal information from one of the worst teams over the past 10 years? The answer is Luhnow. He did not come from a baseball background when he joined the Cardinals back in 2003, but his use of analytics in drafting ballplayers figured prominently in the sustained excellence of the organization. After moving to the Astros in 2011, Luhnow built Ground Control to help revamp that struggling franchise. It was from Ground Control that information began to spill out for 10 months until June 2014 when the FBI was called in. While it is still an ongoing story, rumors swirl that the hackers were able to infiltrate by using passwords from the system Luhnow had used in St. Louis, and that the hack was not as much a theft of baseball operations data as it was more of a character assassination attempt on Luhnow.
The Cardinals officials who orchestrated the hack will certainly be prosecuted by the Justice Department, and the team itself will have fines levied and lose draft picks; never mind the public relations hit they will take being branded as cheaters. According to Luhnow, Ground Control’s security has been upgraded. Better training in security, including a greater password creation methodology, might have made this hack a big whiff.

Caveat Emptor

As the 2013 holiday shopping season began in late November, hackers installed malware on Target's Point of Sale (POS) registers that was designed to capture customer contact and credit card information used at their almost 2,000 retail store locations. By December 15th, Target confirmed the data breach had resulted in over 70 million stolen customers information (including name, address, email, phone, etc.) as well as 40 million compromised customer credit and debit cards.
Three days later, CEO Gregg Steinhafel sent the following letter detailing the breach to their customers:
In the weeks that followed, Target, once associated with "quality for less" and praised by Forbes in 2010 for "getting the simple things right (and a lot more)", incurred a constant and sustained barrage of media coverage that resulted in a public relations disaster that brought about a 46% drop in quarterly year over year profits.
On March 4th, Steinhafel, in an effort to restore the company's reputation among wary shoppers concerned about the security of their personal data, announced the resignation of CIO Beth Jacob.  By May 5th, Steinhafel himself was gone, having been forced to resign his positions as President, CEO and Chairman of the Board of Directors.
Steinhafel's ouster demonstrates that cyber-attacks and the damages they inflict place BOTH organizations and their executives (not just Chief Information and Chief Information Security Officers) at risk.
Ultimately, the Target breach was wholly avoidable, as a recent purchase of a $1.6 million dollar installation of FireEye (an advanced persistent threat anti-malware system) would have detected and deleted the malicious software. Unfortunately for Target, they had turned off the feature that would have stopped the attack. The great Target lesson is that company managers need to be armed with the knowledge required to understand the importance of preventing and combating cyber-attacks - as well as the requisite knowledge and training with which to contribute to security policy decision making. All C-Level Executives need to understand more in-depth technological concepts to collectively solve information-security challenges to ensure that their company does not fail both their consumers and shareholders.

"Angelina Jolie is a minimally-talented spoiled brat - between you and I"

While it is an unfortunate reality that there are new stories of cyber-attacks coming out all the time, perhaps the most embarrassing in recent memory is the Sony Pictures breach from late 2014. During that attack, (which had been going on for possibly a year prior to being found out) hackers were able to access everything from how much Sony was paying actors in their movies (and private email correspondence between Sony executives about what they really thought of certain actors, such as Angelina Jolie), the raw video footage of upcoming movies (including The Interview, which was originally supposed to be a holiday tent pole for Sony), and countless documents about internal business operations. While experts still aren't sure exactly how much the Sony breach will ultimately cost, estimates have already exceeded $100 million (and counting). However, perhaps even more important than the monetary cost (or at least as important) is the damage that Sony's reputation has suffered.
Perhaps the biggest loser from the breach was Sony Pictures co-chairwoman Amy Pascal. The release of her private emails gave intimate behind-the-scenes access of Sony Pictures day to day operations but the back and forth emails between her and other high profile Sony and Hollywood players her which derided not only actors, but also President Obama. These emails subsequently led to her stepping down from her co-chairwoman position in May.
Again, the ultimate cost to their reputation has yet to be determined, but it isn't difficult to envision actors and actresses that are reluctant to trust Sony with salary and other sensitive information, at least until Sony can prove that they have completely revamped their cyber security protocols. 

Even the Feds aren’t secure

Large for-profit corporations aren't the only entities at risk of cyber-attacks. Just in the past few days, it was announced that servers of the United States Federal Government (specifically the Office of Personnel Management) were hacked over a 5 month period, with as many as 14 million former and current civilian employees' Social Security numbers, birth dates, job assignments, training records, and benefit selection decisions being stolen.
According to an assistant inspector general (Michael Esser) of the Office of Personnel Management testifying before the House Committee on Oversight and Government Reform, the agency has persistently failed to meet basic computer security standards- as Katherine Archuleta, the head of the OPM faces congressional pressure to step down. Esser stated that many of the people hired to run the agency’s IT department had no computer experience, and that the agency itself did not discipline its employees after it failed several security audits. Archuletta, according to lawmakers, was told by the inspector general on multiple occasions to shut down the hacked system, but ignored those warnings, exposing the information. Committee Chairman Jason Chaffetz, R-Utah, said that the OPM’s security strategy was on par with leaving its doors and windows unlocked and trusting nothing would be stolen, and called on Archuletta to step down.
As a response to the OPM hack, Federal Chief Information Officer Tony Scott ordered government agencies to beef up their network security by launching the “Cybersecurity Sprint”, a 30 day program to implement better cyber security protocols. The fallout from this hack remains to be seen; will this information be used as leverage to force OPM employees to spy for foreign services? Will better training shore up our porous cybersecurity defenses? Will anyone’s head roll?

How industry is reacting to the new realities of cyber security compared to how they SHOULD be reacting

It should come as no surprise that the cyber security industry has started to grow rapidly as a result of these new realities. While the global cyber security industry is expected to grow to an impressive $106.32 billion in 2015, that number will shoot up to an estimated $170.21 billion within the next 5 or so years. 
The most important thing that companies and government entities should do is ensure that they have talented individuals working on their cyber security. This either means hiring and developing experts directly, or contracting the work out to a reputable IT company that has a proven track record of being ahead of the curve with regards to cyber security. 
It is also important for companies to secure critical company data on proven enterprise-grade platforms. While "cloud" platforms are a viable option, these platforms require even stronger assurances that data is secure (since a hacker breach can result in a complete loss of secured data). 
To stay ahead of rapidly evolving threats, companies, contractors, and government agencies alike must move aggressively to recruit, educate and train a cyber-workforce for the future, with the skills we need to tackle this problem in the years ahead.  Industry certification programs like (ISC)2's Certified Information Systems Security Professional (CISSP) provide both a path to skills competency and a means to evaluate proficiency in this increasingly visible field.
Christopher D. Porter is the Chief Executive Officer of Training Camp, Inc.  (  Training Camp (TC) is a leading provider of information technology and security training courses. Founded in 1999, TC has successfully trained nearly 100,000 certification candidates worldwide. 


  1. Agreed, cyber security is essential for modern enterprises like traditional security is. What is interesting is that data loss may cost more than for instance all the office equipment. That is why companies are ready to pay for quality data room m&a services in order to keep their data safe.

    1. Great Article Cyber Security Projects projects for cse Networking Security Projects JavaScript Training in Chennai JavaScript Training in Chennai The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. Each one of us is a piece of this cyber world, straightforwardly or by implication, since PCs and web are currently a basic piece of our own and expert life.BestSecurityPlace

  3. Establishment is a breeze. Distinctive models accompany diverse mounting frameworks however few require costly apparatuses or master information. BestSecurityPlace

  4. Great post, it was nice to see this article. It was really appreciable. Thank you so much for sharing such an informative article. Checkout here more info about i need a hacker urgently

  5. Every business process has become online and almost every industry is turning out to be more techno oriented. cyber security course in hyderabad

  6. Thumbs up guys your doing a really good job. It is the intent to provide valuable information and best practices, including an understanding of the regulatory process.
    Cyber Security Course in Bangalore

  7. Very nice blog and articles. I am realy very happy to visit your blog. Now I am found which I actually want. I check your blog everyday and try to learn something from your blog. Thank you and waiting for your new post.
    Cyber Security Training in Bangalore

  8. I will really appreciate the writer's choice for choosing this excellent article appropriate to my matter. Here is deep description about the article matter which helped me more.
    Best Institute for Cyber Security in Bangalore

  9. Three are usually cheap Ralph Lauren available for sale each and every time you wish to buy. poker indonesia

  10. I will do whatever it takes not to put a great deal of logical wording with the goal that a typical man or lady could comprehend the substance without any problem.cyber security training in hyderabad

  11. A person found guilty of cyber crime shall be punishable with imprisonment for a term which may extend to three years or with fine or with support services

  12. In fact, the Air Force Academy offers a degree in "computer science-cyber warfare" and Naval Academy has made a course in "cyber security" mandatory for Freshman.How to hire a cybersecurity expert

  13. Thank you for sharing such a Magnificent post about Information Technology. I found this blog very useful for future references. keep sharing such informative blogs with us. Best Information Technology Company

  14. Excellent post. I was always checking this blog, and I’m impressed! Extremely useful info specially the last part, I care for such information a lot. I was exploring this particular info for a long time. Thanks to this blog my exploration has ended. traffic secrets

  15. I am glad that I came to see this, I really loved it your writing way about cyber attack. Thank you for sharing it. I have bookmarked your page, excited to see more of it! Oracle Apps Training

  16. That appears to be excellent however i am still not too sure that I like it. At any rate will look far more into it and decide personally! sviluppo siti web Milano

  17. Email is essential part of communication on the Internet. Most web hosting companies out there will give you more email addresses and more space to hold email messages than you will ever need. ssd vps hosting

  18. I agree with you -- and your points are absolutely correct Drug treatment centers in New Orleans

  19. I read this article, it is really informative one. Your way of writing and making things clear is very impressive. Thanking you for such an informative article.Cheap VOIP Phone system

  20. For example you might qualify for a specific level of service while your next door neighbor doesn't. Not all Internet service providers will offer the same terms and conditions, so you will also have to shop around before you make the final decision. Admin Login

  21. i never know the use of adobe shadow until i saw this post. thank you for this! this is very helpful.

  22. I want to leave a little comment to support and wish you the best of luck.we wish you the best of luck in all your blogging enedevors.
    data science course fees in bangalore

  23. Superbly written article, if only all bloggers offered the same content as you, the internet would be a far better place..cyber security

  24. For individuals, small business, or enterprises, it is essential to learn about cyber security in order to prevent potential threats and secure their information. As a fellow cyber security company in India, I am glad to come across this. Thank you for sharing your valuable experience. Great blog.

  25. Do you have absolute trust in your lover or husband?
    We all know, reading other people's messages is an illegal act. However, here, in some force majeure cases, you have to do this to protect your rights and interests and find out the secrets that are being hidden.