The Non-Giggle-Factor about the Ashley Madison Breach
There is a giggle factor to the thought that 37 million people who proactively search out affairs could be exposed. However… once the giggle factor is gone, the truth is that this company was about to go public. Regardless of the direction your moral compass points, the sad fact is that a lot of people are about to lose a lot of money, sweat equity and potential wealth because they didn’t protect their platform and their company with proactive cybersecurity measures regardless of their multiple claims of discretion. I particularly like the colorful icons they have on their site… too bad they don’t mean anything.
Going public (IPO) is no laughing matter. It can sink as many companies as it turns into great financial successes. In this case Ashley Madison was about to raise $200 million in a London IPO. The hackers behind the breach performed the hack specifically to bring the site down. A woman scorned? Who can say?
The leadership of the company should have prepared for attacks for hacktivist-type intrusions based on its morally questionable service it provides worldwide. On top of their regular IT security, they didn’t seem to engage cybersecurity as a part of their IPO process. Below is a list of subject areas a company needs to address in order to execute an IPO. Cybersecurity is nowhere on the list.
Standard Checklist of Recommended Areas to Reinforce and Review before an IPO
- Organization and Good Standing
- Previous Financing Efforts; Authorization for Going Public
- Financial Information
- Physical Assets
- Real Estate
- Intellectual Property
- Employees and Employee Benefits
- Licenses and Permits
- Environmental Issues
- Taxes
- Material Contracts
- Product or Service Lines
- Customer Information
- Litigation
- Insurance Coverage
- Professionals
- Articles and Publicity
Even Ernst & Young states that business alliances ranks as fourth most important in pre-IPO activities because 63% of investors recommend it.
If you were taking a company public, wouldn’t you like the idea that the company has an alliance with a cybersecurity services company? Especially if the company exists completely online or relies entirely on technology, or relies entirely on discretion? Or all of the above in the case of Ashley Madison.
I fear the headlines will include too much of the giggle factor and release of names and not enough about the hard news takeaway that businesses need to learn from this breach: Investors, VCs and Bankers, part of your NEW IPO/ Investment process is to engage a third-party cybersecurity company to run audits, penetration tests, conduct anomaly detection, screen your personnel that have admin access, and limit the escalation of privilege’s given… on a continuous basis.
BACK TO BLOGS