GoDaddy is denying it was hacked, but some in the security
community are still treating it as another lesson on the importance of vigilance. The "hacktivist" group Anonymous earlier took credit for the hack, which serves as a reminder to organizations that multiple layers of protection
"The service outage was not caused by external influences. It was not a 'hack' and it was not a denial of service attack. We have determined the service outage was due to a series of internal network events that corrupted router data tables," said GoDaddy's interim CEO, Scott Wagner, in a statement.
"Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again."
Protecting the Fortress
Tony Busseri, CEO of security and identity firm Route1, said Monday's outage at the giant site-hosting provider is merely the latest high-profile incident reminding that the potential threats we face from cyber attack are not going away -- they are getting worse.
He said it was important for the industry to examine the larger issue at hand: policy enforcement and management.
"What is certain is that organizations -- both public and private -- need to take drastic steps to protect their fortress," Busseri said.
"From government to business, let us assume that everyone understands and agrees on the need for data protection. However, very few organizations have looked at their policies and procedures to determine if their actual approach to protecting data is consistent with their stated approach."
A Security Shift
Busseri urges organizations worldwide to undergo a paradigm shift in security and identity management policies. His suggestion: adopt user-centric, preventive approaches to protect digital assets.
That may be strong advice, considering that most malware and breaches occur from vulnerabilities manifested during repeated remote connection to internal networks.
"The climate in which we work today suffers neither fools nor naivete; it demands that remote workers use a true, multi-factor authentication-based remote access solution," Busseri said. "This tried and true practice provides an easy-to-use security methodology to authorize users."
That tried and true methodology includes "something you have" and "something you know." The something you have could be a smart card, coupled with a private password or PIN that is verified against the smart card as the "something you know."
Who's the Next Victim?
"The global workforce is increasingly embracing teleworking and mobile computing, and for the most part, this shift is a good thing," Busseri said. "Providing employees with the required resources and access to work away from the office will increase productivity and allow an employee to better integrate life: career, family life and play."
Of course, he added, critical data of a sensitive and confidential nature should never be allowed to leave the safe and friendly confines of an organization's network perimeter or simply "beyond the network's firewall." This, he said, ensures that private files are not exposed to unauthorized access or unnecessary risk.
"Today's enterprises operate in a world where hackers and data thieves are equal-opportunity criminals. They are standing at the ready to steal our identities and most-sensitive information," Busseri said. "The organizations that do not accept this reality will inevitably find themselves as the next cyber attack victim making front page headlines."