The Evolution of Hackers and Attack Vectors - Page 2

Pat Clawson
Hackers Aren't the Only Ones to Worry About: Insider Threats

It isn't just those well-funded bad guys outside the business that you should worry about, either. There are also numerous threats much closer to home - literally inside your business.

The risks posed by employees and trusted partners can run from out-and-out fraud to simple user error. Typically, both are caused by lack of controls and poor oversight of employee computer activities, and exacerbated by the consumer-grade mobility and collaboration tools that have permeated your work force.

Too many companies don't monitor employee interaction with intellectual property and sensitive data and they end up paying a steep price for their lack of verification.

Does your organization have a way of tracking how information is being copied and transported? Does it have a way of protecting the data at rest, in motion and in use?

Attack Vectors Continue to Evolve

The scary thing about cyber risks today is the companies that completely ignore security may have already been breached and don't even know it. The modern hacker's MO is not to make a splash attacking your infrastructure. No, they're more concerned with attacking you quietly and stealing as much data as possible, without your knowledge.

They start by continually running automated scans of the Internet looking for common vulnerabilities to stealthily exploit, no matter how big or small the company with those problems.

Then they come at you with malicious malware created to disrupt, deny, steal you name it. There are many different kinds of malware out there today and they are designed to cast a wide net, scouring the Internet for vulnerabilities. Regardless of the type, criminals can be in and out of your network without ever being noticed. 

They're not just attacking your Microsoft operating system. To a larger extent, they're going after just about any Web-based applications you use in the name of productivity. According to a recent report, among the top 50 applications installed on the typical endpoint, vulnerabilities increased 71 percent in 2010.

And this is only getting worse in this day and age of virtualization, cloud and mobile applications.

Chances are virtualization, cloud and mobile deployments have revolutionized the way your IT department delivers services to your business units. They certainly all offer businesses a ton of opportunity to cut down on capital expenses and operational costs.

While virtualization makes it possible for businesses to affordably deploy more computing firepower for less outlay in cash, with great opportunity comes great risk. Virtualization and cloud introduce a spate of operational headaches and security problems that many company CEOs, and even CIOs, fail to properly consider before they rush headlong into it.

Virtual Desktops

Take your in-house desktop virtualization deployments, for example. This is the first time in computing history that we can give people a virtual desktop and let them work without maintaining computing hardware. The problem is those virtual desktops are subject to whatever infections may be sitting on the host operating system and vice versa. Without specialized technology to protect those virtual images and prevent nasty viruses from swimming back and forth between the virtual host, you could have either one infecting the other. It gets messy very quickly.

Cloud Computing Risks

The issues around cloud computing are even more complicated because not only are these environments vulnerable to all of the risks presented by virtualization, but cloud-bound data is also outside your sphere of influence.

Anytime your data leaves the corporate bubble, you and your employees need to ask yourselves whether you have a contracted chain of trust with what is essentially the weakest link in the chain: your business partner. If you don't, you can bet you'll see that risk come back to haunt you-just like it did for the dozens of big brands impacted by the breach at email service provider Epsilon.

In the spring of 2011, this company was the weak link in the security chain for big corporations like JPMorgan Chase, Hilton, Disney and more. The hackers don't make their money by being stupid. In the case of Epsilon, they knew the best way to go after seven of the Fortune 10 was not to attack those enterprises' well-fortified data structures. All they needed to do was go after the weakly defended marketing firm.

Ultimately, protecting your data is up to you. You've got to take the necessary steps to educate and understand your security platform as a whole and the serious risks it can face, whether that be by random, espionage or a disgruntled employee. It's quite evident that the evolution of hackers shows no signs of stopping - hacks are just becoming more intricate, more intrusive and more costly and it's up to you to take a stand. 

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.