The National Party website defacement – could you be next?
By Graeme Sinclair and Rupert Dodds, KPMG
Recently a hacker defaced the National Party website with Neo-Nazi slogans. Aside from acute embarrassment and a hasty
shutdown of the site for a security review, it appears that the attack hasn’t caused long-term damage to the National
Party.
Not everyone gets off so lightly. Security breaches such as website defacements, or theft of data – especially personal
data – can be disastrous for the reputation of a business. Customer confidence plummets and the subsequent investigation
of the security breach can cause serious disruption within the organisation. The increasing reliance on electronic
communication such as the internet and email further exposes the organisation to risk, and a breach of these systems can
penetrate deep into the internal workings of the business.
So what can businesses do to protect themselves from the potentially disastrous consequences of a serious security
breach?
First, businesses need to understand that security is a very dynamic activity operating in a rapidly changing
environment. Software vendors are continually offering patches to keep up with system vulnerabilities exposed by
hackers. Network security is like a dam holding water. If any cracks appear in the dam wall they are repaired to ensure
that the water won’t seep through and bring the whole lot tumbling down. It’s the same with an organisation’s security
systems. Perimeter security keeps unauthorised persons out of the internal network, but often cracks appear and patches
have to be applied to protect the system. Therefore, it is crucial that businesses keep up to date with the latest
patches and fixes offered by software vendors. A bit of time and a few dollars spent here could save you millions.
However, security is not only about firewalls, hackers, and patches. It is also about people and processes. Too often
businesses put all of their resources into the technical side of things and forget the rest. The most sophisticated
security system in the world won’t protect a business against sloppy password protection. Make sure that passwords are
not easily guessed, and change default passwords on operating systems regularly. Ensure that staff are aware of their
security responsibilities. For instance, it is crucial that they don’t share or write down passwords.
Security management is a multi-faceted discipline and businesses need to make sure that they invest their time and money
wisely. They can do this by carefully assessing where the greatest security risks are in their business and allocating
resources accordingly. Getting back to the dam metaphor – the biggest cracks usually get fixed first. It’s the same with
security management.
An attack on a website like the National Party’s does not happen without the hacker sniffing around the website
beforehand to pick up information. How do you monitor and test your systems and staff response to suspicious activity?
Some organisations deliberately employ legitimate “white hat” hackers to seek out bugs in their network security and
plug them before the real “black hat” hackers arrive on the scene.
The burglar looks for the house with lights off, no dogs and no alarm system. It’s the same with system security. Being
smart about security and having appropriate protections in place will reduce the chance that you will be the next
red-faced executive explaining yourself to the media and disgruntled customers.
ENDS