Put your personal feelings aside; what's dangerous about the AshleyMadison.com breach is that ideologists now can go beyond taking down an IT system and actually destroy a business. This, says cybersecurity expert Carl Herberger, requires a new way to assess and mitigate risk.
What differentiates the hack of the "have an affair" dating site Ashley Madison from most other breaches, Herberger says, is that all three of the core tenets of information security - confidentiality, integrity and availability - were violated. Other breaches typically involve one or two of those core tenets. "This idea of all three in the one attack makes it so heinous," says Herberger, vice president of security solutions at Radware, an application and network security provider, in an interview with Information Security Media Group.
Hackers calling themselves the Impact Team claim they breached Ashley Madison, and in a web posting threatened to release full details for the site's subscribers, who reportedly number more than 37 million across 46 countries, if the owners of the site, Avid Life Media, didn't shutter it (see Ashley Madison Breach: 6 Lessons).
In the interview, Herberger explains:
- Why hackers with an agenda - but who aren't seeking personal financial gain - pose a new threat to all types of organizations;
- The importance of understanding an attacker's motive in determining a cyberdefense;
- Why organizations should adopt a new approach to risk assessment to account for the growing threat from hacktivists.
As vice president of security solutions, Herberger is responsible for developing, managing and increasing the company's security practice. He also serves as the primary corporate spokesperson in the Americas for security-related topics.