In response to the news that Russian government hackers penetrated the Democratic National Committee (D.N.C), the security experts commented below.
Adam Laub, Sr VP of Product Marketing at STEALTHbits Technologies:
“Political stances and consequences aside, this situation highlights the inherent dangers of “Shadow IT” whereby end users or business units within an organization leverage technology outside the purview and control of IT Administration and Security staff. As if talent isn’t scarce enough to protect the systems, applications, and data that organizations know about, there was simply no opportunity to secure this information at all, because no one capable of implementing safeguards was aware of its existence. Additionally, a major point of discussion through this entire saga has been Secretary Clinton’s use of a private email server, where the word “server” gives the average, non-technical person a feeling of elevated intent to have done wrong. It’s worth noting, however, that the use of a 3rd party email server offering like Gmail or Yahoo, or even a personal instant messaging application like Skype, could have resulted in the same outcome. For those in support of or opposed to Secretary Clinton, the fact of the matter is that the practice of Shadow IT is rampant within institutions both private and public.”
John Gunn, VP of Communications at VASCO Data Security:
“Three thoughts:
“Political organizations do not invest much in IT security as they have few assets worth stealing, so this attack was likely carried out by low-level hackers within the attacking organization.
“The hackers that pose a real threat work for financial gain, and the bigger the gain the bigger the hacking effort. Think of the failed attack on JPMorgan Chase as an unsuccessful attempt on Mt Everest and this hack as a stroll to the corner store.
“The DNC can’t really have anything on Trump that isn’t already somewhere on the internet, and it is hard to imagine that the hack would reveal anything more intriguing than what Trump is already saying almost daily.”
Craig Kensek, security expert, Lastline:
“Paranoia needs to be the watchword for organizations. Given that it’s an election year, major political organizations should have tightened their security or at least hired a firm to assess their security. Look for some quick investments in enhanced security by major political organizations. Someone should send an email to their volunteers to protect their mobiles, as well. The next 24 hours will tell whether the Republican party will use this as another case of a “Democrat” organization lacking appropriate security against threats.”
Ray Rothrock, CEO at RedSeal:
“The DNC’s opposition research is a high value asset that has been compromised by Russian government hackers. In addition to being embarrassing, it should be a wakeup call for every organization, every campaign, that your network is not immune from cyberattack and that your perimeter defenses, your firewalls and virus scans, are not foolproof.
The new cyber battlefield is inside your network; not on the perimeter. To win, you need to put cyber resilience at the top of your priority list. Cyber resilience is the ability to scan, detect, correct and protect your high value assets like the DNC’s opposition research.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.