Hacks of Houston Astros, Butler University Put Network Security on Center Stage
Even though the Houston Astros have been the worst team in Major League Baseball for the last three seasons, one of the team's off-the-field accomplishments — its proprietary internal computer database — is now the envy of the rest of the league.
This system, known as Ground Control, allows the team's front office executives to centralize and exchange information about player contracts, scouting reports and statistics — all through one web address.
Yet, even as news story after news story praised Ground Control and general manager Jeff Luhnow, who is much of the brains behind the system, Luhnow himself spoke about his "low-level but omnipresent worry" around Ground Control — that the sensitive information it contained could be exposed. Given Luhnow's past work as a technology entrepreneur, his risk averse approach should come as no surprise.
In March, Luhnow told the Houston Chronicle that the team had insulated itself from risk by only giving employees access to the specific information they needed to make decisions.
Despite all these precautions, an outside hacker infiltrated Ground Control last month, revealing private conversations that the Astros had with other Major League Baseball teams. In the wake of the incident, Luhnow has said the team is working to upgrade its remote access security infrastructure and he, for the time being, has gone back to using a pencil and paper to take notes, just to be safe.
In acknowledging the "double-edged sword of technology," he said that other teams should also evaluate their own remote access security, because, in his words, "If it happened to us, could it have happened to other clubs?"
The Astros leak is interesting because it's thrust into the spotlight an organization whose network security practices generally aren't newsworthy — when was the last time you thought about how a baseball team secures its data?
Similarly, when was the last time you thought about how your college or university manages personal information about members of its community?
If you're a student, alumnus, or staff or faculty member affiliated with Butler University, the thought has definitely crossed your mind in the last few weeks, following news of a remote hack that targeted the school. The attack is believed to have compromised the personal information — birth dates, Social Security numbers and bank account information — of up to 200,000 people in the Butler community.
Although a suspect has been arrested, the investigation is still ongoing. Meanwhile, Butler has already taken steps to patch up its remote access infrastructure.
Enterprise-Quality Network Security — Not Just For Enterprises
Together, the high-profile hacking of the Houston Astros and Butler University show why it's important for every organization to think like an enterprise in constructing a network security plan. It's not just enterprises or retailers like eBay and Target that can be victimized and subsequently lose the trust of their customers if a breach occurs.
As more information about both hacks are revealed, many news stories will focus on preventative measures — and rightfully so. What they should say is that it's most important for a company to limit its network security vulnerabilities, and the best way to do that is through a comprehensive security framework that can secure every possible access point into your company. Attackers are persistent and creative — if they're unable to breach the first line of defense, they'll just keep prodding until they find a point-of-entry. Companies need a "kitchen sink" approach, from firewalls and VPN solutions that shore up remote access to rigorous employee training.
You'll notice we didn't mention Luhnow's temporary "pen and paper" solution. That's because it's important not to be scared away from technology in the aftermath of these types of incidents. They'll continue to happen, but with the right network security approach, your business will be spared the embarrassment and front page headlines that follow a hack.