What Ashley Madison’s Data Breach Means for Web Security

What Ashley Madison’s Data Breach Means for Web Security

The Ashley Madison hack means a lot more than a few failed marriages.

What you do with your free time is your business – until it’s not.

Let me start by saying that the moral conscious in me cannot understand the idea of hosting a playground for married people to cheat on their spouses. The business person in me, however, commends the creators of the site for identifying an untapped market and tapping it (so to speak).

Ashley Madison's data breach

But with the latest data breach (if you haven’t yet heard about it, the identities of Ashley Madison’s 37 million+ users were obtained and are now being revealed) the landscape of web security is going to be shaken up (more so than it has in the past).

Quick disclaimer: While I don’t agree with the service provided by the website, that doesn’t make what these hackers did remotely acceptable. But let’s take the subject matter out of the equation and look at this from a purely analytical standpoint.

This image appears on the Ashley Madison website:

Ashley Madison's data breach

Badges like this are not uncommon, either. We see on everything from eCommerce stores to payment processing sites to social networks. Everyone touts the security of the data they possess, but while seeing a SSL certificate in the corner of the address bar makes us feel better about what we’re sharing, events like this make us question if that little green box is anything more than a security blanket.

Ashley Madison’s (and ALM’s) Future

When Target had its massive data breach in 2013, people were outraged and called for an inquiry into the security practices of the retail giant. Target might have been hit pretty hard by the bad press, but ultimately, a small settlement and some time seem to be the end of the issue. The difference here is that Target’s core business is not built on the security of user data and anonymity of users.

For some of Avid Life Media’s (ALM) properties (including Ashley Madison) security is the only thing that matters. With this massive breach, it’s hard to imagine how Ashley Madison – or even ALM, for that matter – can recover. When you have a network built off of trust, and that trust is broken, people are not all that likely to forgive. (This is, by the way, a wonderfully a propos symmetry between what service is being offered and how betrayed the users must feel; a sort of poetic justice.)

The parent – ALM – was hoping to file an IPO. That will likely be put on hold and the opportunity might disappear entirely. ALM’s PR team has been pushing to showcase Ashley Madison as a safe haven for data, claiming that it is the last secure hub on the web.

One would think that hubris has been put in check now.

The only real way the brand can bounce back is if it disappears for a little while, gets its security and encryption practices in check and launches as a new service under a different with a focus on nothing but security. And even then it’s a long shot.

What About Web Security in General?

This breach is going to force a lot of companies to take close looks at their data security practices. Too many times in the last few years, we’ve seen companies – some big and some small – fall victim to these types of breaches.

I was on a flight to Dallas a few months ago and I was sitting next to a VP of an Israel-based web security firm. He was telling me that a lot of their work tended to revolve around the security of government databases, so as you can image, their standard is pretty high. He was telling me about their operations, and explained that at any given moment, there are teams of programmers watching live data breach attempts and constantly updating their encryption in order to protect the data. That’s pretty serious stuff.

Even with these measures in place, we have seen examples of some data being breached by hackers within government agencies. But with proper measures in place, it can reduce the risk significantly, especially when you’re out of the government-sized spotlight and running operations on the private side.

Some of these practices are cost prohibitive. The average corporation can’t afford dozens or hundreds of programmers writing live code to thwart breach attempts. But measures in greater encryption and more regular system updates are likely going to result from this hack.

Who knows? Maybe we’ll find ourselves living in a world in the near future where our data really is safe on the web. Until then, I’ll just choose to live in my fantasy world.

The following two tabs change content below.
Corey Padveen is a data-oriented marketing professional with a focus on statistical analyses of human behavior. This specialization has led him to speak and present at dozens of conferences around the world, to write for a variety of reputable online and print publications, and recently, to publish ‘Marketing to Millennials For Dummies’ as part of the world-renowned ‘For Dummies’ series. He regularly shares real world examples and findings from his research, and discusses how members of society are evolving as consumers, communicators, and a global network as a whole.
Comments are closed.