If you hear the term ‘hacker’ and this is what you picture:
Your definition is as outdated as many business’s cybersecurity.
Hacking has evolved far beyond the teen in his basement image from movies and popular culture. It’s no longer one guy furiously typing with multiple monitors flashing numbers and letters. It’s just not that hard for hackers to get into networks these days. In fact, according to the Harvard Business Review, 60% of the time, an unwitting employee leads the hackers right in.
That’s why it’s important for all employees at your business, from the CEO, to the head of IT, to a temp brought in for seasonal work, to understand how hacking has evolved. Small and midsized businesses are more at risk today than ever before.
Here are three characteristics of a modern hacker you need to know:
Modern Hackers are sophisticated
As we mentioned, the term hacker no longer applies only to the single criminal working from a basement. Hacking has become an organized, sophisticated operation that’s adopted many of the same corporate strategies your workplace employs.
These strategies allow even a novice hacker to cause significant damage both to your finances and your reputation. One of most devastating tools they are employing is ransomware as a service. Basically, higher level hackers sell licenses for software. Novice hackers can then purchase these kits and send them to victims. Once they’ve tricked the victim into clicking, the software freezes the computer or server until the company pays a ransom (like the Mecklenburg County Ransomware attack).
Ransomware as a service also offers a helpdesk. It works just like any helpdesk you and your employees are familiar with – where the novice hackers can call, IM or email if there are issues getting the ransomware to work.
Because of these tools, hackers are able to exponentially multiply the reach and number of attacks. According to Fortune, attackers were able to attempt to penetrate one network more than 100,000 times over seven months.
There are also a variety of tools readily available on the Internet, even from retailers like Amazon, that hackers can use to trace and record keystrokes on your computer, or hack and impersonate a wireless network.
Modern Hackers are focused on people more than the computer system
While the hacker’s ultimate goal is to gain access to your server/network/customer or employee data, their focus is much more on the people at your business than you might think. The past few years have seen the rise of Social Engineering tactics, especially in Phishing and Spear attacks.
As the amount of information about us explodes online, so does a prosperous mine from which cyber criminals can easily learn about you. They can then in turn use this information to craft emails, website ads, and even social media profiles that will lure you in with surprising ease. Take a look at this video to see just how easily it’s done.
Modern Hackers are targeting small and mid-sized businesses at an alarming rate
Many small and midsized businesses feel they are ‘safe’ because they think they don’t have as much data, or data that could be as valuable as larger enterprises like Target or Bank of America. To debunk that myth, we need only refer you to the fact that the hackers behind the Target breach of 2013 that affected 41 million customers gained access through a much smaller 3rd-party vendor.
- 58% of malware attack victims are categorized as small businesses. Verizon 2018 DBIR
- In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000. - Ponemon 2017 State of Cybersecurity in SMBs
To stay ahead of the modern hacker, you need to make sure you have a network that is not just modern, but future-proof. But what does that mean? And how can small and midsize businesses afford it?
The Network Team is hosting an informational event at TopGolf Charlotte to help answer those questions and more. Seating is limited, click here to reserve your spot today.
According to a new report from security firm Coronet, Charlotte Douglas International Airport is one of the top 10 airports where your phone is most likely to be hacked.
The Airport Wifi Security report looked at data from more than 250,000 devices at the 45 busiest airports in the US. Researchers analyzed the vulnerabilities in the Airport Wi-Fi ssecurity networks as well as in a variety of devices. They then assigned each airport a threat score, with any score above 6.5 considered unacceptable.
The top 10 list includes:
- San Diego International Airport, San Diego, CA (Score: 10)
- John Wayne Airport-Orange County Airport, Santa Ana, CA (Score: 8.7)
- William P Hobby Airport, Houston, TX (Score: 7.5)
- Southwest Florida International Airport, Fort Myers, FL (Score: 7.1)
- Newark Liberty International Airport, Newark, NJ (Score: 7.1)
- Dallas Love Field, Dallas, TX (Score: 6.8)
- Phoenix Sky Harbor International Airport, Phoenix, AZ (Score: 6.5)
- Charlotte Douglas International Airport, Charlotte, NC (Score: 6.4)
- Detroit Metropolitan Wayne County Airport, Detroit, MI (Score: 6.4)
- General Edward Lawrence Logan International Airport, Boston, MA (Score: 6.4)
The safest airports, according to the report, include Raleigh Durham International, Chicago-Midway International, Nashville International Airport, and Washington Dulles International.
Hackers could use the network vulnerabilities to access cloud apps such as Gmail, Dropbox, or Microsoft Office 365, like they did for this travelling businessman. They could also deliver malware to the device that could end up in your network.
The Network Team offers unique to the market all-inclusive security packages to cover all layers of cybersecurity. Learn more about them here.
Before I quote any 3rd party to convince you of my position, let’s start with some questions. Answer from your point of view, assuming you have a mobile phone and at least 1 computer.
Which one travels the most and is on the greatest number of networks?
Which one has security software installed on it that creates reports sent to you and/or an administrator?
Which one is left turned on the most?
Which one gets used for transactions, information sharing, and sits near you at meal time?
Which one has a camera that takes pictures and saves them to servers all over the world that you can’t even identify?
Am I done yet?
The amazing thing is that you aren’t done yet. Despite all these known vectors in which a mobile phone can be attacked and controlled, our mobile devices are perhaps the least likely item that we pay for security service for. They should be the one we pay the MOST for.
Now, some of the findings, care of our friends at Verizon, from the 2018 Data Breach Investigations Report.
"As mobile devices often provide privileged access to the enterprise environment and hold two-factor authentication credentials, these classes of malware and device-based attacks can result in more damage than adware or click fraud. The potential for these infections does exist, and a common vector is the use of phishing/SMiShing and other social attacks that entice the mobile user to download applications outside of official platform marketplaces."
Yet, some of you will continue to say, “my phone is safe-it hasn’t failed me, yet.” If this is your position, then there is nothing to add to the conversation. Cyber Pearl Harbor is in your future.
You don’t need a Cyber Pearl Harbor to invest in protection your assets and your devices. Call us for help.
You have heard the phrase, “it takes a village” with reference to raising a child. With cybersecurity now impacting all lines of business productivity, customer trust, and financial well-being, we can now make the claim that IT cybersecurity takes the village to maintain and support.
Imagine a world where your front line people are getting shot at by high-powered weapons all day, and each bullet has only a 0.1% chance of finding the target and killing them. I would say, without any facts, that they appear to be well protected.
What if they are being shot at 100,000 times per day. 0.1% means that they will get hit 100 times a day, and probably die.
It takes a village to be cybersafe. What does that mean?
Everyone in the company should have an unobstructed path that includes incentives for communicating security holes. Too often, IT folks and leaders treat a “concerned employee” call as something along the likes of a false fire alarm.
That is not OK.
People should feel empowered knowing they can pull the fire alarm and there will be an orderly event that keeps everyone safe. If their own safety is compromised by reporting, there is no way that they will take your safety seriously.
Everyone should get their level of cybersecurity expertise checked frequently, no differently than police officers and fireman are drug screened. It just makes sense, for it only takes one errant click to create a security incident.
Everyone who interacts with the system should feel informed about what their company’s security policy is, and why they have it. If they don’t know, they won’t care, and if they don’t care, their compliance is at risk.
Your network needs to be smart, up to date and be as matter of factual as you speed dial for your babysitter. Or, for your network security guy.
The Network Team has an incredibly low-cost option to help train your employees in cybersecurity. Call us. Your network needs a plan and a thoughtful implementation that includes fire alarms and drug testing.