Skip to content ↓ | Skip to navigation ↓

Up until this month, I wasn’t aware of Ashley Madison’s site or the nature of the services they offered – what may be described ‘RaaS’ (Relationships as a Service). However, since this organisation has come to my attention, I have conducted research and completed interviews for BBC TV, the radio, news publications, and a host of other agencies, which serve non-IT/cyber security related audiences.

Looking at the debates and adverse publicity around this exposure, and when considering the implications, we arrive at the following observations:

Increased Advertising

Brand is nothing! In the case of Ashley Madison, one fact is certain: even if you have been unknown up until a hack, your company will receive more press coverage than you could have ever dreamed of after the incident, albeit the nature of this advertising will be adverse.

Legal Feeding Frenzy

Given the numbers involved in this exposure, the victims of which are spread around the world, one may well anticipate a number of lawsuits to take place with regards to personal injury, such as the class-action lawsuit that was recently announced against the company.

The Potential Inadequacy of Cyber Insurance

When we consider the supposed benefits of cyber insurance, we have to counter those thoughts with the very real potential that large incidents like the Ashley Madison hack can quickly exhaust underfunded policies.

ashley madison

Do as I say, Not as I do

To add insult to injury (and here is the big one), there are security companies out there who are backed by big name brands that offer services to help protect clients, but they are themselves insecure!

At the End of the Day, Nobody Died

Earlier this summer, I wrote an article entitled “RBS Systems Failure: At the End of the Day, Nobody Died!” Sadly, with the real-life implications of the Ashley Madison event, and from what the Canadian press and police are inferring, this is no longer the case. It is now being reported that there may have been suicides as a result of this breach.

Indirect Adversity

Following the hack, there has been a subsequent wave of spam, extortion attempts and fake offers made by fraudulent services to assist exposed users in recovering from the event’s unwanted exposure.

Conclusion – a Trend to be Broken

The negative repercussions notwithstanding, we are seeing some green shoots sprouting out of this very bad situation insofar as it is helping to elevate security as a topic of concern for ordinary people. I believe that this event will be representative of the tipping point at which time we may start to realize that simply ticking the box in security no longer suffices and that organizations must strive to deliver fit-for-purpose, robust, intelligent and imaginative security that is subject to continuous assessment.

 

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock

Hacking Point of Sale
  • I don’t believe security people have ever accepted that ticking boxes suffices as security. That is a decision many organisations have made. Organisations are too willing to accept the risks once they have ticked the boxes. That won’t change until consumers begin to select who they do business with based on their security track record. The ‘tipping point’ is definitely on the horizon.

  • Agreed – but sadly some security people are willing to go along with the 'direction', and even when they know the solutions are not adequate, it may all come down to a personal level of survival.