In the Line of Fire: The Press Gets Hacked

Amy Larsen DeCarlo
Amy Larsen DeCarlo

Summary Bullets:

  • Press organizations, including The New York Times and The Wall Street Journal, strongly suspect that Chinese hackers infiltrated their networks looking for information on news sources and research.
  • These attacks – and private sector incidents – underscore the increasing prominence of politically, ideologically, and revenge-driven attacks in the threat environments.

2013 is starting where 2012 left off, with ideologically and politically motivated attacks making headlines, and in the case of a few recent high-profile breaches, making the news outlets that write those headlines extremely anxious.  The New York Times, The Wall Street Journal, and a number of other press organizations have publicized their own battles against what they suspect are politically backed hackers which have successfully breached their networks in search of data gathered on sources that exposed government scandals.  Though its government has denied any involvement, China specifically has been named for the role that attackers, suspected to be/accused of acting on its behalf, have played on hacking into journalist’s files in search of information used in articles on corruption and other political issues in China. Continue reading “In the Line of Fire: The Press Gets Hacked”

Closing Security Gaps: Introducing the Pressure Incentive

A. DeCarlo
A. DeCarlo

Summary Bullets:

  • For all the talk about sophisticated security strategies, too many breaches can be avoided by making sure the basics are under control, starting with adequate data security policies.
  • The recent breaches of Global Payments and LinkedIn’s data cast a harsh light on the lack of care those organizations took to applying appropriate protections such as multi-factor authentication and encryption to safeguard customer data.

One unfortunately consistent truth about data security is how often some of the most egregious data breaches could have been stopped if adequate care was taken to ensure the most fundamental elements of security were in place, starting with the appropriate policies regarding the handling of crucial customer data.  We have seen this recently with attacks such as the theft of hundreds of thousands of patient records from Utah’s Medicaid health system in March (see “Anatomy of a Breach: What We All Can Learn from the Utah Medicaid Records Theft,” May 18, 2012), where a cascading series of clear missteps in policy and execution made the breach relatively easy for hackers. Continue reading “Closing Security Gaps: Introducing the Pressure Incentive”