In 'The Art of War,' Sun Tzu said, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." You could say that cyber-security developers and hackers are at war with each other. Hackers are constantly trying to break into private networks, and developers are continually trying to keep them out. So naturally, one of the best ways to keep hackers out is to know what they are trying to achieve and how they go about doing it. If you know what they want to do and how they plan to do it, you can set up a counter to their efforts.
What are Hackers After?
Hackers, in general, tend to be after three things: information, control, and or money. A hacker will often obtain money by obtaining information and control to ransom data. So, security developers tend to focus on protecting the footholds that a hacker may try to exploit. However, there is one method that hackers use to try and steal money without the need for previous information or control, known as phishing. (Though, phishing is more successful the more prior knowledge they have about their target since they can tailor emails to look even more legit. You can find a more detailed article on phishing here.) Still, the short version is that phishing is when a hacker pretends to be a legitimate source to trick someone into giving the hacker what they want. This is usually done through fake emails, websites, or software designed to look like it belongs to an organization the victim trusts.
Information is one of the most valuable things a hacker can obtain. The more they know about their target, the more ammunition they have, which is why it is the first thing they attempt to get. Hackers want any and all information they can get; financial information can be sold, passwords can be used to hijack accounts, even things you would not think are important can usually be used by the hacker to gain some advantage. Social engineering is the idea that through deception, one could educate themselves enough about an individual to manipulate them into divulging confidential information to be used for fraudulent purposes. This could simply be guessing passwords based on pets' names or going as far as assuming an identity of someone the person already trusts for nefarious acts.
Once again, phishing is a tool of choice in the hacker's repertoire that helps them trick people into giving away more information than they should. The more commonly thought of a method for hackers to obtain information is spyware. As the name implies, spyware is a type of malware that allows a hacker to spy on the activity on your network. This can include the traffic sent across it to even the keystrokes of devices connected to it.
The stereotypical hacker action that everyone tends to think of is the control aspect. Hollywood has established the image of someone in the shadows rapidly typing at a keyboard, locking down all the computers in a facility. And while Hollywood likes to make it look far more dramatic than it does in real life, the consequences of a hacker breaching your network can end similarly. The most common form of this type of control that you see now is ransomware. In case you are not aware, ransomware is malware that encrypts the data on your network, rendering it unusable until the hacker provides a decryption key which, as the name implies, they will only provide if the victim pays a ransom. And one of the most common ways to distribute ransomware is through, once again, phishing.
But how do you protect yourself?
With this knowledge of hackers' goals, the question remains, how do you protect yourself from these hackers? You may have noticed a recurring trend in that hackers often employ phishing to fool victims into giving the hacker what they want. Since one of the hackers' greatest tools is trickery, one of our best tools to defend ourselves is suspicion and deduction. Anytime someone asks you to send them sensitive information digitally, verify that they are whom they claim to be. If someone asks you to follow a link, make sure it points to where it is supposed to and that the website is legitimate.
Of course, this is not the only step to take to protect yourself from hackers. You will also need to set up the usual suite of cyber-security software such as an antivirus program and a backup of your important data stored on an external device, preferably off-site.
The most important takeaway from this should be that cyber-security requires thought. Hackers are always trying to get around our defenses; you cannot just set up an antivirus program and hope it will be good enough; you have to consider what the hackers are trying to achieve and how to counter them.
If your business is not up to fend-off these threats daily, then you need better security.
Small-Medium Businesses are the main target for hackers.
Our comprehensive Network Risk Assessment will tell you exactly where your company stands.