Taking Human Error Out of the Hacker Equation

May 02, 2017

Posted by Jim Tatham

Cyberattack, Hackers


Think about the vast information you have stored on your phone: contacts, family pictures, passwords, emails, and your favorite apps. What would happen if that information were left vulnerable for hackers to obtain? What if the manufacturer sent out an update to protect your phone from potential hackers, but you didn’t install it because your phone was turned off? All of your precious and personal information would be left vulnerable to hackers wanting to steal and use that data. This same scenario is what companies combat every day, except on a larger scale.

Companies at every level have to combat the possible attacks of hackers. In today’s world, the potential of your company being hacked is not a question of “if” but of “when.” According to a 2015 study by Duke University and CFO Magazine Global Business Outlook Survey, hackers have successfully infiltrated more than 80 percent of U.S. companies. Smaller organizations are more prone to breaches, as they have fewer resources to allocate to potential threats.

Businesses are often more susceptible to these attacks because proper measures have not been put in place to effectively combat and protect against significant attacks such as malware or ransomware. In relation to the various attacks that companies may see, there are two major levels of cyber-attacks.

Breaking down what’s out there

Cyber-attacks can range from soft/medium grade attacks such as phishing or hackers receiving information from a disgruntled employee to hard attacks that require hackers to get direct access to the information through breaking in or hacking the firewall.

There are specific gatekeepers to each level that can help identify and prevent potential hacks. All in all, a lot of the responsibility comes down to how you manage your electronic lifestyle.

Soft/mid-grade attacks are the more common form of hacking that companies face. The gatekeepers for this level of attack include the employees and the IT department. With this type of attack, hackers are able to enter into a company database through phishing or exploiting a known password schema to gain access into the system. These attacks can also happen due to insider information from disgruntled employees given to hackers.

Forrester’s 2016 Global Business Technographics® Security Survey revealed that around 49% of global network security decision-makers reported they had experienced at least one breach over the past 12 months. Soft/mid-grade attacks can be avoided by the implementation of employee education such as online security courses that require a refresher every year. Other measures to stop such attacks include a vigilant IT, having a strong rotating password in place, and ensuring that any suspicious emails or activity is addressed immediately.

The second and more extreme level of cyber-attacks are known as a hard attack. Malware, Ransomware, and Denial-of-Service (DoS) viruses are examples. These attacks are more difficult to engineer as they require more leg work. Hackers are searching through code, looking for various security holes, and may even necessitate physical access to company buildings in order to retrieve the information they need.

A recent Forrester study found that software vulnerability is responsible for 42 percent of attacks. These threats can inflict significant monetary damage to a company. The majority of these threats exploit known software vulnerabilities. For this level of cyberattack, it is vital to keep the company’s software updated. Immediate and frequent updates of security software, application of security patches, and better physical security are the best precautions a company can take to deter these intrusions. The immediacy of these updates can sometimes be the difference between a small or non-issue and a major issue; it is crucial that IT departments have the tools to update their software.

Becoming more proactive

Although educated employees and a strong IT department are crucial to keeping hackers out of the company’s data, these best practices and solutions, such as anti-malware, virus-protection, and firewalls, are useless without the proper implementation. The real security holes are found when IT cannot update or have not updated their equipment. Machines that are in a low power state are typically unreachable, and, as a result, unavailable for an emergency security update.

Enterprise-wide, effective wake solutions are an investment that companies should make in order to ensure their networks are effectively executing software patching updates. Machines that are powered down will not receive or process updates sent out by IT departments until they are awakened. Implementation of wake software allows machines that are powered down to be awakened and alerted to the updates so that their systems can adapt and download the changes that help to lessen their cyber vulnerability. Power management solutions that include enterprise-wide wake help solve the waking issue as a complement to their function. Companies using this technology have seen increased success in software updates, from about 60 percent before the implementation of the wake solutions software to about 95 percent success after the use of this software.

Being aware of the multi-pronged problems that arise as a result of software not being patched or installed is a major step in protecting yourself from an attack against your company and ensuring the security of your information.