If you were ever inclined to think that criminal computer hackers were more nuisance than mortal threat to companies and the careers of their senior executives, the events of the past week should quickly change your mind.
If there’s anything C-level executives at companies of all kinds can learn from the devastating hacking attack against Ashley Madison, a site for arranging extramarital trysts, and its parent company, Avid Life Media, it is this: Hackers can cost you your job.
Avid Life CEO Noel Biderman is only the latest in a slowly accumulating collection of senior execs who have lost their jobs after high-profile hacking incidents on their companies or organizations.
There will doubtless be many more.
In February, Amy Pascal, the longtime head of Sony Pictures Entertainment, lost her job as chairman of the movie studio after a hacking attack late last year, which the U.S. government blamed on North Korea, led to the disclosure of a series of embarrassing emails. Pascal’s boss Michael Lynton, who was more circumspect in his online communications, kept his job.
But that did not matter after a breach of the payment systems of retail giant Target cost CEO Gregg Steinhafel his job. And then Katherine Archuleta, the director of the U.S. Office of Personnel Management, was forced to resign last month after an attack by a group of hackers in China made off with a massive trove of personal information on federal employees, including many key intelligence operatives.
The attack on Avid Life could arguably turn out worse in some respects. Each of those other organizations has survived after their breaches, because they had businesses that continued to run despite the attacks. While the Sony incident was one of the biggest stories of 2014 and certainly singed Sony’s brand and reputation, the financial damage was relatively minor. And neither Target nor the U.S. government seemed likely to go out of business.
Avid Life may not be so lucky. Once its confidential business data was exposed and analyzed by Gizmodo and others, fundamental cracks in the façade of its strategic business plans were laid bare, which can’t help but interfere with its plans to raise capital in the future. The Canadian company had sought to raise as much as $200 million in an initial public offering in London, having previously abandoned plans to float one in Toronto.
Hackers, who are sometimes motivated by the chance to one-up those who have come before, will be looking for new targets; the bigger and more prominent, the more attractive those targets will be. If that doesn’t scare you, then you’re just not paying attention.
There are lots of details that we still don’t know about what happened in the Ashley Madison breach. We don’t know who the attackers were or how they got in. Competing theories suggest an insider may have been involved or that the attackers might have first had an account on the site and then discovered weaknesses that they then decided to exploit. Stronger security on customer accounts and two-factor authentication for all employees might have made a difference, or at least would have made the attack more difficult to carry out.
However they got in, another obvious step appears to have been missed at Avid Life, and at Sony before it. Sensitive business data — whether it’s email or PowerPoint decks about new product plans — should be encrypted. Done right, encryption makes sensitive data practically useless to an attacker, even after they’ve broken into a system.
The wrong time to figure this out is after your data has been dumped on a torrent site for all the world to examine, as Avid’s was this week. Just ask Noel Biderman.
This article originally appeared on Recode.net.