Just like in the aftermath of any infidelity, Ashley Madison, the ‘cheating’ website, have got some way to go to rebuild trust.
But where did it all go wrong and how could it have been prevented?
Well, first there was the discovery, almost a year ago, that millions of customers’ personal details had been exposed online after a massive security breach.
Then, to add insult to injury, came the allegations of fake accounts, where fembots impersonated female customers and engaged in message exchanges with unsuspecting male users. Rather sordidly, it would appear the company used these human-to-bot conversations to encourage male users to ‘spend more to get more’.
And, as if those betrayals weren’t enough, new Chief Exec Rob Segal acknowledged that former Chief Exec Noel “King of Infidelity” Biderman had been untruthful when he boasted of a $1 billion valuation of the company.
However, more sinful perhaps than any of these is the feeling that they may have taken a rather casual approach to the affair of information security, playing fast-and-loose with customer data.
In a recent interview with Reuters, apparently the first by any senior executive of the company since the breach, Segal and president James Millership revealed that parent company Avid Life Media has since hired cyber security experts at Deloitte. Their incident response team found “simple backdoors in Avid Life’s Linux-based servers.” Apparently it “expects to reach the first level of Payment Card Industry compliance, an industry standard, by September”.
Yikes! When Segal admitted during the interview that “more could perhaps have been spent on security”, it could be considered a massive understatement!
Perhaps the revelation that the breach cost their parent company over one-quarter of its revenue, and that it is now “spending millions to improve security and looking at payment options that offer more privacy”, may reassure at least a few customers that they will be indulging in safer, protected ‘dating’.
Regardless, I’m sure Segal and Millership would agree that information security is now a hot topic, maybe even appearing slightly more sexy than before as the key to repairing their damaged business.
Prevention better than cure
There are obvious lessons to be learned and certainly, if you are looking for justification for your information security budget, look no further!
It’s a great example of why an information security management system (ISMS) is so important. Indeed, there are also good reasons for following recognised ‘best practice’ standards, such as ISO 27001 and PCI DSS.
An ISO 27001 implementation encourages a review of all business processes in relation to information security. It ensures you implement a comprehensive risk management process and, importantly, that you have incident management in place.
Whilst some are deterred by the costs of achieving and maintaining such accreditation, they pale into insignificance when you consider the woes of Ashley Madison.
Whilst we all know an ISO 27001 accreditation doesn’t guarantee an information security breach won’t occur, it does indicate a company has taken the matter of information security seriously and, in doing so, has considerably reduced the likelihood of a breach occurring and, indeed, its impact should one occur.
And how much easier would the Ashley Madison breach have been to deal with had a clear incident response plan been in place that included not just securing the systems, but exactly how to communicate to those concerned and to the media?
As a marketer, I can’t help but admire the indomitable executives of Ashley Madison who believe the name ‘will endure’. Apart from the sheer magnitude of costs, potential lawsuits and fines, they need to demonstrate a change in business ethics and information security culture.
Trust is difficult to earn back and brand reputation hard to repair!
Julia Heron is the ISMS Solutions Specialist for ISMS.online and is responsible for customer adoption and success.