Lost in the stories of last week was a story I really don’t want to talk about, but I have to: Planned Parenthood got hacked, and a database of its employees was stolen.
I don’t want to talk about it because the risk is this story becoming about abortion rather than about security. But it brings up a real problem: Now we know that political activists have the desire and the ability to hack into organizations they disagree with.
The argument I’ve run into earlier in my career has been, “Nobody will want to hack into us. We help people.” I warned that not everybody sees everything that way. If a company takes the wrong stand on an issue, or endorses the wrong political candidate, or releases a product that’s controversial, the company now has a target on its back.
That’s the new reality.
Abortion activists aren’t exactly the people who come to mind of when we think of hackers breaching companies. But they don’t have to do it–all they have to do is come up with the money to hire someone to do it. If the hacker for hire doesn’t share the activists’ view or agenda, raising the price may change his mind.
My advice: If you don’t have a threat and vulnerability management program, get one going now. You’re going to need it.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.