Facebook goes down, why should you care?
If you haven’t heard, Monday, October 4th, saw Facebook, Instagram, and WhatsApp disappear from the internet – literally erased. Understanding what happened may save your business one day and also make you aware of an Achilles heel that exists for every internet address. Let’s take a look at what happened.
Before we dig in, let me take a moment to explain, very basically, how internet addressing works. We all know what domain names are – facebook.com would be an example of one. But in the internet backbone world, facebook.com is meaningless. Instead, the internet uses the Domain Name System (DNS) to translate domain names like facebook.com into IP addresses like 220.127.116.11. This translation happens for every domain name, every website. A good analogy would be referring to the Pentagon (facebook.com) as a location. We can find the Pentagon on a map, Google it, refer to it, and everyone understands what we mean and where it is. However, the Post Office uses 1000 Defense Pentagon Washington, DC 20301-1000 (the address held in DNS). Well, what happens if that DNS record gets erased, hacked, or changed? We all learned on Monday what it means to Facebook. In short, the internet doesn’t know where to send your facebook.com request, so you go nowhere, and reportedly the outage cost Facebook over $1 billion.
That’s what happened to Facebook – their DNS information was wiped out. As of this writing, the how hasn’t been released, but it’s quite likely a cyberattack, possibly from the inside.
Why does this matter to you?
Rumor has it Facebook employees were also locked out of office buildings since their IoT employee badges were tied to the facebook.com domain. It’s possible their phone systems were offline as well. Consider that Facebook almost certainly had redundancy built into this DNS dependency, and it still failed. Few of us do.
The ramification for you is this – if you’re running web-based applications, or a website-dependent business, your operations are vulnerable to an event like this. Are you prepared? If you’re a healthcare facility, are you vulnerable to being taken offline by a DNS attack?
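One way to answer that question is to inventory the hostnames your operations depend on and see how many fail together if a single DNS zone disappears. The sketch below is an added example, not part of the original post; the service names, the example.com/example.net hostnames and the `zone_of` helper are hypothetical, and it goes a step beyond the text by grouping services by zone.

```python
import socket
from collections import defaultdict

# Constructed inventory: hypothetical services and the hostnames they rely on.
SERVICES = {
    "public website": "www.example.com",
    "patient portal": "portal.example.com",
    "badge readers": "badges.example.com",
    "VoIP phones": "sip.example.com",
    "offsite backup": "backup.example.net",
}

def system_resolver(hostname):
    """Resolve with the OS resolver; returns sorted IPs, raises OSError on failure."""
    infos = socket.getaddrinfo(hostname, None)
    return sorted({info[4][0] for info in infos})

def zone_of(hostname):
    """Naive parent zone: the last two labels (assumption; ignores suffixes like co.uk)."""
    return ".".join(hostname.rstrip(".").split(".")[-2:])

def audit(services, resolver=system_resolver):
    """Return (resolution status per service, service names grouped by DNS zone)."""
    status, by_zone = {}, defaultdict(list)
    for name, host in services.items():
        by_zone[zone_of(host)].append(name)
        try:
            status[name] = resolver(host)            # list of IPs on success
        except OSError as exc:                       # socket.gaierror subclasses OSError
            status[name] = f"UNRESOLVED ({exc})"     # string marks a failure
    return status, dict(by_zone)

def simulate_zone_loss(services, lost_zone, resolver=system_resolver):
    """Names of services that stop resolving if every record in lost_zone vanishes."""
    def broken(host):
        if zone_of(host) == lost_zone:
            raise socket.gaierror(socket.EAI_NONAME, "name not known")
        return resolver(host)
    status, _ = audit(services, broken)
    return sorted(name for name, result in status.items() if isinstance(result, str))

if __name__ == "__main__":
    fake = lambda host: ["192.0.2.10"]  # constructed stand-in so the demo runs offline
    for zone in audit(SERVICES, fake)[1]:
        print(zone, "lost ->", simulate_zone_loss(SERVICES, zone, fake))
```

Run `audit(SERVICES)` with the default resolver against your real inventory to check live resolution. A zone whose loss takes out most of the list is the dependency your Contingency Plan needs to cover.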
An event like this would fall under your Contingency Plan. If you don’t have one, we can help. Ask us about our compliance consulting services.
Be safe, click smart.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.