The Democratic National Committee (DNC) data breach created a political firestorm and had serious repercussions for the Democratic party, culminating in the resignation of DNC Chairwoman Debbie Wasserman Schultz.
But the DNC breach isn’t just a political news story – it’s a cautionary tale for enterprises that think they are immune from data leaks and security threats.
How the DNC Data Breach Happened
One of the things that makes the DNC data breach so surprising is that DNC leadership must have known that that the organization was a prime target for cyber espionage. But whatever precautions the DNC had in place didn’t stop hackers (believed to be backed by the Russian government) from gaining access to sensitive information and records.
By the time the breach was discovered earlier this year, it was too late. Hackers had accessed the entire database of opposition research on Republican presidential candidate, Donald Trump, and published emails showing that the DNC had worked to undermine Bernie Sanders during the Democratic primary race. As a result of these disclosures, Debbie Wasserman Schultz was forced to resign her position as DNC chairwoman.
Although it’s unclear exactly how the hackers penetrated the DNC’s security defenses, it’s likely due to a combination of common tactics like phishing as well as complacency on the part of DNC leadership. In the wake of the scandal, the DNC has announced that it will perform a complete restructure of its cybersecurity management systems to thwart future attacks.
Lessons for Enterprises
According to Verizon’s 2016 Data Breach Investigations Report, there were 47,408 confirmed breaches at large organizations in 2015. This number dwarves the 521 breaches at small organizations during the same time period. Why? Because the stakes are higher and large organizations are primary targets for global fraudsters.
But the DNC data breach demonstrates that large organizations – even organizations that expect cyber attacks – are vulnerable. To avoid a security disaster, there are several specific lessons enterprises can learn from recent events at the DNC.
No organization is immune from attack.
The DNC data breach is as a wake-up call for large organizations. At some point, your enterprise will be attacked by cybercriminals intent on gaining access to sensitive information and data. In fact, it’s likely that your enterprise has already been the target of phishing attempts and other fraudulent tactics.
A robust prevention strategy begins with training your workforce in common sense, cyber-security practices and educating users about the many ways fraudsters gain access to privileged information. But it doesn’t end with education. To mitigate the risk of unauthorized data disclosures, decision makers need to accelerate the implementation of secure, enterprise-class technologies across the organization – a lesson the DNC learned the hard way.
Data breaches have real-world consequences.
Not surprisingly, the motive for cyber fraud is almost always financial. But the consequences of a data breach go far beyond dollars and cents. The DNC data breach led to the resignation of the organization’s chairwoman. More importantly, it undermined the organization’s credibility and had the potential to do serious damage to the Clinton presidential campaign.
The stakes are no less significant for enterprises. The financial cost of recovering from a major data breach can be staggering. But it can take years to regain the trust of customers and partners following a data loss, time that translates into missed growth opportunities.
Communication channels are usually the weak links in fraud prevention.
The most likely cause for the DNC data breach was a user who clicked on a malicious link received via email. That’s not accidental. Hackers know that communication channels are usually the weak links in organizations’ defense systems, so they target email, mobile messaging and other platforms to gain access to protected information.
At Infinite Convergence, we developed NetSfere, our secure enterprise mobile messaging service, because we’ve seen the kinds of vulnerabilities that consumer-grade messaging apps create for large organizations. When enterprises decide it’s time to get serious about security and the privacy of data, communication technologies are the most logical starting points.
Make no mistake: Cyber threats are here to stay. Large organizations are at risk and need to take additional measures avoid the high costs associated with successful attacks.
Over and over again, we have seen that communications channels and technologies are focal points for fraud. If nothing else, the DNC data breach shows that the time to evaluate your organization’s mobile messaging, email and other communications systems is now, before it’s too late.