Impact of Leaked CIA Documents on Businesses

The recent leak of 8,000 pages of CIA documents has exposed the tools and methods used by the agency to surveil and capture information from smartphones, TVs, routers and other devices. Aside from the obvious national security implications of this leak, its impact on businesses of all types and sizes could be enormous if IT departments do not pay close attention.

Although no actual code has been exposed in the leaked documents, there is enough information to give cyber criminals clues about to where to look for vulnerabilities in various products and how they can be exploited. The documents even include notes on attack concepts, required materials, test procedures, and bug fixes. Some attacks can be launched remotely over an Internet connection to targeted devices, while others require physical access to targeted devices for the insertion of malicious code.

At the same time, the revelations have kicked off a flurry of activity among manufacturers to fix the flaws in their products. Apple claims that many of the vulnerabilities described in the CIA documents had already been fixed in its latest iOS version released in January. Microsoft, Google and Samsung have promised fixes based on a thorough analysis of the CIA documents.

This means IT departments must give priority to the flood of upgrades and patches that are sure to come throughout the year, particularly if they permit the use of personal devices in the workplace under a BYOD policy.

Even with Apple’s meticulous attention to security, it says 80% of its iPhone users have the latest release of its iOS. This leaves a very significant 20% of iPhones that remain exposed to attack – an unacceptable margin of vulnerability for any business and proving once again that the human element is the weak link in any effort to keep networks and systems safe from predators.

This statistic alone should compel enterprise IT departments to be proactive with regard to BYOD management and security policy enforcement. For smaller companies without such tools and policies in place, it would be a good time to start looking for a technology partner that can plan, implement and maintain a robust security regime that includes mobile devices.

Don’t leave your business unprepared to deal with the next wave of cyber criminal activity. DataLink’s security experts know what to do and are ready to help. Contact us today: 410.729.0440 or