A look at Hackers potential impact on businesses and organisationsPosted by SecurityAuditTeam on Aug 21, 2015 in Security Blog • No comments
It is a fact of modern life that a great many modern businesses and organisations will have already been hacked by unscrupulous criminal networks! What you may not know is that either individuals or government agencies acting for entire nation states have also recently been implicated in these criminal activities!
These data breaches occur worldwide every day of the week 24/7 and show no signs of abating anytime soon. Security breaches are also not necessarily something that most companies would want to make public. This is because there is, of course, a major potential issue should your banking, credit card or other details come into the hands of a criminal enterprise or foreign government.
The world’s biggest data breaches have been truly enormous in scale. In 2014 eBay lost as many as 233 million personal details including names, telephone numbers, post and email addresses, passwords and even dates of birth!
It is thought that this particular eBay data breach was facilitated by a small number of its own employees passing details to hackers thereby allowing them to access an eBay database containing their user’s personal details. Once the hackers had gained access they simply copied the valuable data with the intention of subsequently using it for nefarious activities. The basic fix for this was for the affected users to simply change their passwords, nothing much was ever mentioned regarding the involvement of the company’s own employees!
Hacking shows no signs of abating anytime soon
Remarkably, these cyber-attacks are showing no signs of diminishing and, at least according to some reports, are still actually on the rise! There is a fascinating online infographic overview of the world’s largest data breaches which shows all reported worldwide hacks that have resulted in more than 30,000 records being stolen since 2004.
Organisations need to recognise the importance of protecting themselves from hackers
Sadly most organisations still fail to recognise their security vulnerabilities and the reality of the current situation that we all face. Robert Mueller, who was the director of the US’s FBI (Federal Bureau of Investigation) until he retired last year, said the following:
“There are only two types of companies, those that have been hacked, and those that will be.”
It may seem that no matter how much time, effort and money businesses and organisations put into defending their IT infrastructure, the hackers will always somehow find a way in. Organisations must also recognise the fact that cyber-attacks can come from all sorts of different angles too. Here are some of the main routes facilitating hacking attacks, there are many more:
- Holes in core software that have not been patched by software vendors, often simply because once they are aware of the defects, they take time to develop a patch to roll-out.
- Malicious insiders making use of and abusing their privileged status, as was the case with the eBay example above.
- Failure by employees to follow best security practices due to lax corporate governance and IT procedures leading to an IT security breach.
- Lack of adequate or out of date antivirus and firewall software.
Understanding the problem of cyber-crime and hackers
Companies and organisations must first understand that there is no such thing as ‘perfect IT security’ and therefore understand that simply relying on, for instance, antivirus software is not enough to combat the issue.
Most realise that in the physical world, it is necessary for businesses, such as retailers, to take serious risk management steps to protect their assets such as stock. This would most likely be achieved by the utilisation of security guards, burglar alarms, loss prevention officers, CCTV surveillance cameras, effective locks and secure entry mechanisms combined with physical barriers.
These steps are taken by most sensible organisations because they know that, given the opportunity, criminals will steal from them! This is a simple fact of life in today’s world!
Any organisation’s attitude to protecting themselves from hackers using cyber security measures ought to be addressed in exactly the same way. IT security is really no different from security in the real world. It is of vital importance that professional organisations keep a close eye on any possible IT security breach, whatever direction it may come from.
The potential impact of cyber-crime
Cyber-crime can lead to organisational losses that are orders of magnitude more significant than other security related losses.
Target Stores, a leading US retailer, recently reported that up to 70 million of its customers had been affected due to software that was slyly loaded onto its point of sale terminals. These machines are used in store to scan their customer’s credit card details! This data breach meant that in addition to credit and payment card details, customer’s names, addresses, phone numbers and emails were also stolen! This ultimately resulted in tens of millions of credit cards being reported as stolen which all needed replacing at a significant cost to the card issuers!
So far Target has reached an agreement with credit card company Visa over this data breach and is reportedly reimbursing them with $67 million. They had previously offered to reimburse MasterCard, another credit card issuer, with $19 million which was rejected at the time. The banks are still in fact pursuing the company for a satisfactory settlement of any monies that have been lost!
Other data breaches have also taken place recently against leading retailers such as Home Depot in the US and, in the UK, against TK Maxx and Carphone Warehouse in a data breach where 2.4 million customer’s personal details were stolen.
How can organisations protect themselves from hackers?
There are numerous tools and techniques that organisations really should prioritise to ensure that their IT infrastructure and website are as safe as possible from the attentions of hackers. These include performing regular website security testing and website penetration testing. Security Audit Systems can help with their advanced proprietary suite of penetration testing tools.
It is also possible to provide additional manual checks which will lead to enhanced website security and improved IT infrastructure resilience in the face of unwanted hacking attempts.