• United States



Contributing Writer

NASDAQ Hacked!

Feb 07, 20112 mins
Cisco SystemsData and Information SecurityData Breach

Yet another example of cyber security vulnerabilities

In a weekend highlighted by banal football chatter, a critical news story received minimal attention. Beyond Packers, Steelers, and new Bud Light commercials, the Wall Street Journal reported a security breach of NASDAQ last Friday. Apparently, hackers penetrated the NASDAQ OMX Group which runs a service providing “secure” communications between public companies and their boards. The target application known as “Directors Desk” is a privately-run collaboration system for corporate mucky-mucks.This breach is yet another example of what cyber security is all about. These guys knew what they wanted (i.e. insider information) and found a way to get it. I read through a number of stories about this breach and none of them indicated when this breach took place. The bad guys could have been intercepting confidential communications for months or years. Imagine how much money you could have made if you had access to board of direction-level banter for the past 6 months? That’s likely what took place here.In the recently-published ESG Research report, “Assessing Cyber Supply Chain Security Vulnerabilities Within the US Critical Infrastructure” (available for free download at, 68% of the critical infrastructure organizations surveyed had experienced at least one security breach over the past 12 months. As of Friday, we can officially add NASDAQ to this list. I hope that this breach scares the heck out of CEOs, corporate boards, Wall Street, and congress. Many public and private organizations are sitting ducks in an increasingly insidious cyber security landscape.Does anyone else hear a ticking time-bomb?

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author