Something SMells Phishy...
You’re at your desk Monday morning sipping your coffee and sifting through your emails from the weekend when one in particular catches your eye. It’s from Steve, a business partner of 15 years, and, in his email he lets you know that they recently switched banks and will have a new routing number for payments going forward. He provides all the information and tells you to call if you have any questions. You go ahead and update your system with the new information and go on with your day.
A month goes by and you are once again enjoying your morning coffee when you get another email from Steve this time asking for payment on the latest delivery. You let him know you sent it over to the new routing number as requested in his last email and you even double check to confirm you entered the right number. About this time you are noticing that Steve’s email signature looks a little different than usual and you start getting that sick feeling in your stomach. Steve then replies letting you know they never changed routing numbers and that sick feeling turns to panic as you realize you’ve just been had.
If this story sounds familiar than you have likely been the target of a Phishing Attack and the sad reality is that attacks like this are becoming much more common. Phishing attacks are only one of the weapons in a hacker’s arsenal and it is more important than ever for businesses to be aware of the different methods utilized. The question then remains, with so many different types of cyber threats how can a company best protect themselves?
To answer that question it is important to first understand who these “hackers” are, what they are after, and some of the common methods they utilize. Network security is never cookie cutter but understanding these concepts will help you create a security roadmap that is best suited to your company.
Hackers, why do you do the things you do?
When asked to picture a hacker most people tend to conjure up images of a creepy man in a dark room, coming up with elaborate programs and viruses to take down their targets. In reality hackers do not fall into one specific category and they typically do not act alone. So who are these hackers and what do they want?
A hacker is defined as someone who utilizes their computer software and hardware knowledge to break down and bypass computer/network security measures. It is important to understand that not all hackers are malicious. Companies will often employ hackers to help build and protect their security network and others will use their abilities as a service to help companies identify holes in their network.  For the purpose of this article we will focus on the bad eggs, “black hat” hackers, who are responsible for giving hackers a bad reputation.
First let’s look at what motivates hackers to act maliciously as most will fall into one of two categories. The first and most obvious would be those seeking financial gain. Verizon’s data breach report showed that 73% of all reported breaches in 2017 were financially motivated meaning that the attack was aimed to acquire valuable data that could then be sold on the dark web for profit. Businesses are obvious targets for financially motivated hackers as they tend to have large databases filled with valuable information on their clients. These cases pop up in the news all the time with Marriott being one of the most recent and notable victims to date.
Though not as common as financial gain, the same report found that 21% of breaches were related to espionage. In this instance a hacker is searching for sensitive information that they could use to disrupt or harm an organization. Whether a personal vendetta or part of a larger agenda, it is easy to imagine the damage someone could do if they had access to your trade secrets. For instance do you think Coca-A-Cola would be a bit worried if someone were to steal their secret formula?
Whatever the motivation it is also imperative to consider who is behind these attacks. Contrary to popular belief, most attacks are perpetrated by groups as opposed to individuals. Organized criminal groups accounted for 51% of the breaches in 2017.  This fact should disturb business owners because it means that hackers are much more strategic and organized than we would like to believe. We need to stop treating hackers as the stereotypical one man outfit targeting one off businesses and start thinking of them as teams looking to hit as many companies as possible to gather maximum amounts of data.
Who Me? Couldn’t be…
When asked to think about companies that are most vulnerable to attack people tend to think big and that isn’t necessarily the case. Companies like Goldman Sachs or Amazon store immense amount of data and would certainly be a goldmine for any hacker, but the SMB market is just as vulnerable if not more so.
Larger companies recognize that they are at a much higher risk of cyber-attack and as such they typically dedicate a larger portion of their budget and in some cases set up entire departments for preventative measures. Small and medium businesses tend to fall into one of two groups that leave them more vulnerable. The first group recognizes the need for network security but doesn’t necessarily have the budget to afford it and the second tends to think they are too small to be a target and continue to operate with a ‘If it ain’t broke don’t fix it’ mentality.
For those wanting to stick their head in the sand consider this: A 2018 Cisco study surveyed 3,600 chief information security officers and found that 50% of all cyberattack victims were facing damages of over $500,000, 11% were looking at damages ranging from $2,500,000 to $5,000,000, and 8% were over $5,000,000. At the end of the day hackers are looking to make money and if they believe they can turn a profit off your data you are a target. 
The Hacker Toolbox
Now that you have an idea of who these hackers are and what they are after you need to be able to recognize some of their techniques. There are a plethora of tools at a hacker’s disposal but these are some of the most notable:
Malware: Malicious software designed to carry out or facilitate illegal online activities
- Worms and viruses are common forms of malware, but ransomware is something that is becoming much more prevalent. In these situations hackers are gaining control of a company’s database and holding it hostage until they pay a exorbitant fee.
Cyber-Espionage: Covert, illegal practice of investigating competitors, usually to gain a business advantage
- The most common form would be a phishing attack similar to the one in the introduction.
Denial of Service: Attack intended to compromise the availability of networks and systems
- The attacks are typically aimed at large organizations and the goal is to cause a problem that draws a lot of attention so that the hackers can infiltrate another area of the business during the confusion. A perfect example would be shutting down Amazon's landing page forcing them to focus their engineering resources on the repair while you slip malware into another part of their network.
Insider and Privilege Misuse: Any unapproved or malicious use of organizational resources
- This typically involves an internal party stealing confidential information for profit and can vary from selling the info directly to a competitor to using the information to start a competing business.
Payment Card Skimmers: Use of a physical device to record and store payment info
- Commonly seen when a hacker fabricates fake ATM components which are then mounted to real machines. Users typically cannot spot the fake components and end up operating the ATM as usual but they are unknowingly provider the hacker all their payment information. Typically an issue for banks and gas stations.
Web Application Attacks: Any incident in which a web application was used as the means of attack
- Many websites now have sign in applications allowing you to gain access to services or information. These applications have direct access to their respective databases and hackers use imitation web pages to gain access to their servers.
Point of Sale Intrusions: Remote attacks against POS terminals and controllers
- Similar to the card skimmers, POS intrusions target credit card information at various sales terminals throughout a business. Unlike the skimmers, this technique involves uploading malware onto the remote access server controlling the terminals which crawls the system searching for useful credit card data. Hotels had been primary targets in the past with the focus recently shifting to restaurants and small businesses.
Cyber Security to the Rescue!
Cyber protection can be quite daunting especially once you know all the threats that are out there so how do you start building your defenses?
As mentioned budget will always be a factor in implementing your network security so it is important to first identify where you need to focus your efforts. Depending on the company or industry different data will be more at risk or vulnerable for attack and you should identify those areas as priorities when planning your network. In a healthcare organization, for instance, hackers typically target the patients' health records so their client database should be the priority. A manufacturing plant, however, would want to protect their supply chain systems so their production is not disrupted.
Identifying areas of weakness is key, and once you have that you can start building your IT roadmap. This roadmap acts as the IT guide for your business and should include your initial security setup, standardize security protocols for employees, and plan future implementations to make sure you stay ahead of the curve.
Here are some basics that will go a long way in protecting your data:
- Patch Promptly – Ensure you are consistently updating any and all software
- Encrypt – If your sensitive data is properly encrypted it is useless to a hacker
- Back it Up – Don’t put all your eggs in one basket and KNOW where your data’s stored
- Train your Employees – Teach staff how to recognize and report common threats
- Password Policy – The word 'PASSWORD' as a password… Really? If this is currently one of your passwords call us now for your free "PLEASE HACK ME" sign. Have rules for creating passwords and schedule mandatory changes
- Need to Know – 25% of hacks come from an internal source , not everyone needs full access to the company’s system so be sure to limit access to only those who need it
- Don’t Forget to Lock Up – Even the greatest network security can’t stop a thief
Again, IT security is not a once and done deal. If you own a cell phone these days you know it will be obsolete within the next year or so and the same applies here. Just because you bought the greatest firewall and anti-virus today doesn’t mean it will help you tomorrow so be sure you plan for the future and ingrain security policies into your business.
At the end of the day, no matter how big or small, everyone is a target for hackers. They tend to be more organized and wide reaching than we think and they are constantly inventing new ways to attack us. Thankfully there is a lot we can do to combat them and much of it is rather simple so long as we make the effort to actually do it.
Know your enemy and their tactics and you can arm yourself against any attacks they throw your way.