Is Ashley Madison's crime being caught with its servers round its ankles?

The owners of the Ashley Madison website have a reputational crisis on their hands and some might argue they got what they deserve.

How do you recover from a serious cyber-attack that has become public? asks Richard Elsen
How do you recover from a serious cyber-attack that has become public? asks Richard Elsen
The news that online cheating site had been hacked by a group calling itself The Impact Team caused smirks and raised eyebrows in equal measure worldwide. 

The data breach, confirmed by Avid Life Media which owns Ashley Madison and other similar sites, has left millions of subscribers at risk of having their personal details, including sexual preferences, released by the hackers. 

Avid Life Media was told to take its Ashley Madison and Established Men hook-up sites down permanently or face having all of its customer records published by the hacking group. 

For some reason Avid Life Media’s ‘Cougar Life’ site, which was also compromised, appears able to remain online – perhaps there is a form of hacker sexism at play here?

But away from the levity and titillation of the Impact Team hack, the case raises serious issues of privacy and reputation when your digital defences are badly breached. 

Any business where confidentiality and data protection are paramount dreads the prospect of falling victim to cyber-attacks. The damage to reputation can be devastating and costly. 

Financial analysts suggest that it could cost Avid Life Media its widely reported plan to float the business on the London Stock Exchange for up to £130m.

So how do you recover from such a serious cyber-attack that has become public? 

Firstly, apologise and be genuine with it, making the communication meaningful and real. 

In tandem, you need to reassure stakeholders very quickly that the breach has been repaired and that your cyber security systems are now more robust and effective than ever. 

Underpinning all of this should be protocols and comms plans that are put in place ahead of any such event occurring. 

Organisations that have no such plans leave themselves open to devastating damage and the prospect of self-inflicted and enduring pain that can kill the business when hackers pay them a visit.

But I also think Avid Life needs to demonstrate action of another kind. Its CEO, Noel Biderman, told the media that the company was close to confirming who the culprit was behind the cyber-attack. 

The company should exercise its legal options and resort to civil and criminal remedies against the perpetrator. This would send a strong signal to other would-be hackers.

Nobody knows the true scale of hacking and cyber-attacks globally and the cost to businesses. Understandably most victims are reticent. 

We usually only hear of major attacks because the hackers themselves publicise them, as The Impact Team did with Ashley Madison. 

But perhaps the bigger crime is not to be ready and able to react effectively when your servers are caught with their trousers down – and while it might sound harsh, some would say that your business deserves all that it has coming to it.

Richard Elsen is the chairman of Byfield Consultancy

Would you like to post a comment?

Please Sign in or register.