“This is a constant battle for the government and our sensitive government computer systems,” a White House official said in a press conference. “It’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”
The hack was purportedly executed by Russian cyber specialists. While White House officials have released a statement assuring the public there was no harm done - and no sensitive information jeopardized - it has left many concerned as to what they could expect next.
"I have pressed the administration to share details about what has happened and how the attack succeeded," Senator Tom Coburn of Oklahoma said. "I have yet to receive satisfactory answers. Let us seize this opportunity to work together to protect against this very serious threat to our national security and economy."
So what does this mean - that even one of the most heavily guarded servers on the planet is susceptible to hacking?
Network security is of utmost importance today, whether you’re an individual with seven different social profiles, or a company that has access to client credit cards. For companies and institutions, however, it is even more so imperative that there be a system in place to protect the hundreds, sometimes thousands of people who trust you with their information. In the White House’s case, that number includes the entire population of America.
Hacking of these large entities is on the rise. Earlier this summer, major retailer Target was the victim of such a hack - and the costs associated with the hack ran past the $300 million mark.
But what can they do? If a company like Target can get hacked - and even the White House - is there really a chance of anyone being safe?
The quick answer is to fight fire with fire: the best protection from hackers are hackers themselves.
Penetration testing has become an increasingly important practice in the corporate world. It’s the equivalent of checking the knob on your door after leaving the house to make sure it’s locked - sure you could just hope that you remembered, but why wouldn't you at least check? In layman's terms, they're essentially paid hackers who legally hack a company or institution's servers to try to find any weaknesses or exposed data in order to report back to the company itself, and diagnose ways to fix it. This is called a pentest.
There are two types of targets: a white box (where all the background and system information of the target is known) or a black box (where little to no information is provided aside from the name of the target). These tests can help assess computer security and determine which defenses worked and which ones failed.
Now, away from the minute details, the overriding point of this article is simple: to assert that the White House needs to conduct regular penetration testing. While Homeland Security is technically in charge of conducting safety combs and checking the ease with which White House servers can be hacked on a regular basis, this recent lapse in safety proves they need trained professionals for the job.
There are tonnes of companies who employ pentesting simply because they harbor a lot of financial data, such as retailers and financial institutions, like banks. These are often the targets of hackers because of the significant amount of money they have access to. Companies that use penetration testing can vary from schools like the University of Oxford, to global payment giants like Cardstream.
The White House hack shook a lot of people with it’s ease and effectiveness. Companies as small as mall boutiques and restaurants employ third-party pentesters to ensure their information is safe. The White House needs to follow suit - and up their cyber security, for everyone's sake.