Secure your networks, this time with feeling!

I know I've said that my research area is not security, but you'd think I was lying with all my recent posts on these topics.

The IMF has now been hacked (apparently by a foreign government). I read this in the NY Times article -
Because the fund has been at the center of economic bailout programs for Portugal, Greece and Ireland — and possesses sensitive data on other countries that may be on the brink of crisis — its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts. Those agreements are, in the words of one fund official, “political dynamite in many countries.” It was unclear what information the attackers were able to access.
- and had two immediate thoughts:

1) How could it be unclear what information the attackers were able to access? Don't they have logs? And if the logs were vaporized, don't they have clever digital forensics experts who can figure out what happened? This is the IMF, for Pete's sake.

2) All the data stored in these databases was encrypted with strong encryption, right? Oh, and all the traffic from client computers to the database was encrypted, right? And they keep a tight access control list, right? Right?

If you follow good practice to begin with, you don't have to worry quite as much when you're hacked. But so few organizations do, which is really depressing.

I used to bemoan the lack of good practice to friends who do work in this field, and they would chuckle and say, "Look, FCS, if you want to protect your data, write it on a slip of paper, burn the paper, dig a hole 10 feet deep, and put the ashes in the hole. Or better yet, don't write it down in the first place."


