On December 21, 2011 the Wall Street Journal reported that U.S. Chamber of Commerce was hacked. Many of the major media outlets are all re-publishing the report. But, if you look at the fine print you will discover that the attack occurred back in November 2009 and was discovered in May 2010. That left the Chamber’s 3 million company members uninformed and their information vulnerable for two years as the FBI and cyber investigators analyzed the attack.

It seems the attack used the tried-and-true strategy we see every day. An employee received a phishing or spearphishing email with a spyware attachment. The employee opens the attachment link not knowing that they have affected the network. The spyware is able to capture employees and/or administrators passwords to have unfettered access to all the accounts. Remember, IT is unable to identify a breach when a legitimate User Name and Password is entered.

Businesses are also subject to a Catch-22 thanks to the requests of cyber investigators versus the government’s privacy laws. When a company first discovers a breach the first instinct is to contact the authorities like the FBI or FTC that a breach has occurred. Typically these authorities want to do a full forensics on the attack to learn the sources and people responsible so they will request that the company NOT disclose the breach. This investigation can take months during which a company’s customers are unaware that any of their personal information is being compromised. When the authorities are finally finished and allow the company to notify their customers of the breach per the law, the company is then hit with lawsuits for delaying notification to their customers.

The costs that the Chamber is going to occur will probably be horrific. It has already been reported that they hired independent “cyber sleuths” and have destroyed serves and computers that are infected. What is still looming are the legal fees, lawsuits and government fines for the breach. The Ponemon Institute has identified the average 2010 company costs for a breach is $7.2M per incident.

What the Chinese hack should teach every company:

1. Train employees about email security.
2. Have strong passwords.
3. Use a multi-factor password manager like Power LogOn.
4. Implement secure email programs.
5. Before a breach occurs or is discovered have a recovery plan already in place that includes legal protections so you as the business owner don’t get multiple attacks on all of your castle walls.

Author's Bio: 

Founded in 2005 and headquartered in Ladera Ranch, California, Access Smart is dedicated to empowering businesses and consumers to securely regain control over their digital information. Access Smart offers unique, high-quality, integrated hardware and software packages that securely manage important data over wired and wireless networks, computers, Point-of-Sale devices, kiosks, and any other device that can accept and communicate via smartcard technology.

Security does not have to be cumbersome to be affective. That is why our products are designed using state-of-the-art security technologies but focuses on ease of use. Access Smart provides affordable smart card security solutions that have previously been available only to governments and Fortune 500 companies. Security should never be a luxury especially with rampant identity theft and privacy regulations.