Successful corporate entities are delivering reliable products and services every day. They have thousands (if not millions) of employees, and their year-over-year increases in revenue indicate unprecedented growth and overall profitability. Everything is awesome, until they get hacked.
The topic of enterprise cyberattacks is becoming more and more prevalent in the news. One of the most recent cyberattack victims is HBO. The television network is working diligently to uncover how the hack happened, manage blackmail threats and protect stolen information, which includes the last season of the award-winning series Game of Thrones.
Details about the initial breach and overall impact hit media outlets quickly, but information about how these types of cyberattacks happen usually takes more time to uncover. But why? Don’t the employees managing confidential consumer data have government-level security clearance and access hardware and software systems through biometric authentication? This isn’t a major motion picture, so the answer is no.
Corporations have business, ethical and legal responsibilities to offer a certain level of security. Some organizations proactively implement rigorous security solutions, while others are satisfied with their decade-old systems. Regardless of the software and hardware, there are no secure systems, only more or less penetrable systems.
Outside breaches are rare, internal breaches more common
Cybersecurity is a confusing topic to many people because it is often presented in an overly complex way. A cyberattack is an act of espionage that can result in a crime and pinpoint operational and business vulnerabilities. Attackers need just one point of entry to begin wreaking havoc. The initial target can be anyone in or connected to an organization. This could be an intern, CEO or third-party vendor.
The investigation into Target’s data breach in 2013 determined that cyberattackers gained access to the company’s computer gateway server through credentials stolen from a third-party vendor. The hackers did not use the credentials to physically enter a Target store; they used them to get access to internal networks. This rudimentary intrusion tactic affected more than 41 million customers and cost Target $18.5 million in damages.
A cyberattack can happen to any organization, big or small. Email is one of the most used channels for cyber terrorists to connect with their victims, though there are several other tactics cyber terrorists can deploy on corporations. Some of the common tactics organizations should safeguard against are:
- Operational pattern observation
- Equipment interference
- Browser-based penetration
- Traffic disturbance
- Mobile assault
- Network reconnaissance
- Physical perimeter infiltration
IT and physical security don't always align, communicate or sync
Organizations need to use a multi-layered, in-depth defense approach with strong security practices that integrate policy, people, regulations and technology. Security 101 strongly recommends actively identifying key assets and allocating ample budget to protect them.
The hacker community is deeply rooted in skill and funding. Mitigating all security risks is nearly impossible, but proactive planning and integrated solutions that unify physical security with IT infrastructure are a step in the right direction.