GoDaddy is denying it was hacked, but some in the security community are still treating it as another lesson on the importance of vigilance. The "hacktivist" group Anonymous earlier took credit for the hack, which serves as a reminder to organizations that multiple layers of protection are important.
"The service outage was not caused by external influences. It was not a 'hack' and it was not a denial of service attack. We have determined the service outage was due to a series of internal network events that corrupted router data tables," said GoDaddy's interim CEO, Scott Wagner, in a statement.
"Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again."
Protecting the Fortress
Tony Busseri, CEO of security and identity firm Route1, said Monday's outage at the giant site-hosting provider is merely the latest high-profile incident reminding that the potential threats we face from cyber attack are not going away -- they are getting worse.
He said it was important for the industry to examine the larger issue at hand: policy enforcement and management .
"What is certain is that organizations -- both public and private -- need to take drastic steps to protect their fortress," Busseri said.
"From government to business, let us assume that everyone understands and agrees on the need for data protection. However, very few organizations have looked at their policies and procedures to determine if their actual approach to protecting data is consistent with their stated approach."
A Security Shift
Busseri urges organizations worldwide to undergo a paradigm shift in security and identity management policies. His suggestion: adopt user-centric, preventive approaches to protect digital assets.
That may be strong advice, considering that most malware and breaches occur from vulnerabilities manifested during repeated remote connection to internal networks.
"The climate in which we work today suffers neither fools nor naivete; it demands that remote workers use a true, multi-factor authentication-based remote access solution," Busseri said. "This tried and true practice provides an easy-to-use security methodology to authorize users."
That tried and true methodology includes "something you have" and "something you know." The something you have could be a smart card, coupled with a private password or PIN that is verified against the smart card as the "something you know." (continued...)