Cardinals Hacking Scandal Exposes Larger Cyber Security Issues

The FBI and Justice Department are investigating whether or not officials associated with the St. Louis Cardinals gained unauthorized access to networks belonging to the Houston Astros, a rival baseball team. If the accusations hold true it would represent the first known case of corporate espionage through network hacking between professional sports teams, according to The New York Times. And it all happened because of poor password practices.

The cardinal rule of passwords: They should be unique, secret, and changed often. It appears Mr. Luhnow ignored these principles and simply reused the network passwords he used at the Cardinals for his new program at the Astros.

The Cardinals’ front office might have used Luhnow’s old Cardinals network password to access the Astros’ network after Luhnow’s departure. Through this access, the Cardinals could have obtained valuable inside information about the players the Astros are looking to recruit, potential offers and opened doors to poach desirable recruits with counteroffers — potentially changing the course of the season.

Most people associate cyber espionage or data breaches as a complex endeavor involving malware, Trojans, phishing attacks and teams of hackers that target “big business” and the government. That misconception is the result of the media’s focus on high-profile data breaches involving large corporations and government organizations, but the truth is that it is a larger problem that affects all organizations, both large and small.

Many small and mid-sized organizations have a limited understanding of the complex digital environments they’re dealing with and the repercussions of not properly protecting themselves against online threats: Cybercrime costs businesses $445,000,000,000 each year, with most of the damage done in the aftermath of an attack. Potential fines, loss of revenue, and hiring people to fix security issues can have a serious impact on a company’s bottom line, especially given the fact it takes an average of 32 days to resolve a single cyber-crime incident.

It’s critical that organizations recognize the importance of both the technical and human elements in establishing security solutions, procedures and policies, regardless of industry or size. To find out more about how Talley & Company has helped its clients with technology solutions that secure, protect, and enhance their businesses, give us a call today.