If you're reading our blogs, chances are you will recall us emphasizing the fact that hackers have evolved through the years making it increasingly challenging to stay ahead of threats. Consider how much has changed since hacking began. You may recall a time when improvement/advancement of technology was the main motive for hacking. Unless you are part of an organization (like TechGuard) who employs certified, trained Cybersecurity Experts to perform services that detect gaps and vulnerabilities, odds are nowadays this is not the case. Hackers' motives have changed over the years but so has the profile of a hacker. Developing a deeper understanding of these two critical pieces of information will help you better protect yourself and your business.
Dating back to about 50 years ago, computers were expensive and not accessible to the general public. Early on, hacking had little to do with criminal behavior. Hackers were those who were curious and adventurous enough to go beyond the manual to explore the possibilities of new technology. Their motive was a hunger to learn more and to advance beyond the stated limitations. Back then, to be called a "hacker" was a badge of honor.
In the 80's personal computers started to make their way into many homes. The profile of a hacker begins to evolve from that heroic figure to a young coder who is hacking into big institutions. They often did this from their basement (hence the stereotypical basement hacker in a hoodie image). While there is no doubt this causes inconveniences and was illegal, the motive often amounted to nothing more than bragging rights.
In the modern age, our world thrives on constant connectivity. The attack surface has increased drastically; from cell phones to smart devices we are always online both professionally and personally. The new main motives are money and the advancement of political and/or personal agendas. No longer simply driven by curiosity, hackers are now operating on advanced levels, with advanced technology and well-formulated plans. The evolved hacker is a highly specialized, organized criminal or group of criminals prepared to use innovative tactics to gain access to what they want.
By the mid 2000's hacking came from organized criminals, state sponsored hackers, cyber terrorists and hacktivists. Examples of political attacks include the interference by the Russians in the 2016 Presidential Election or the Stuxnet virus. Hacktivists groups use their passion about certain beliefs to form an attack against a group that they disagree with. For example, a hacktivist group known as Anonymous attacked the Church of Scientology by flooding its servers with fake data requests. In this case, Anonymous wanted to force the Scientology website to take down a video of Tom Cruise endorsing them from their website. Other attackers are in it for the money. They hack into systems and benefit from their successful infiltration by demanding large ransom payments.
Attackers are often part of hacking groups and have very detailed plans that take several months or more to carry out. These attacks penetrate with deep infiltration and have extensive dwell times. You may be familiar with cloud ransom as an attack form. MIT suggests that cloud ransom attacks may be on the rise resulting in many large data breaches. One of the problems with cloud computing is that there is a shared responsibility for security between the cloud provider and the contracting company. The level of responsibility depends on the service model.
In addition, cyber-physical attacks such as those targeting electrical grids or transportation systems are a potential target. Older planes, trains and ships may be more vulnerable to an attack. Attackers use the attacks or threat of attacks as ransom. MIT also predicts the continued attacks on our voting elections.
There's several best practices your company can implement to increase security and mitigate risks. Although it can seem overwhelming, a few topics to consider are endpoint security, password management, security awareness course programs and penetration testing. Endpoint security requires you to look at the security of all the remote devices that access your corporate network. Password attacks are still one of the most common attack methods. They can be the weak human link to allow an attacker to gain access. Therefore, mandating that employees participate in an advanced security awareness program like TechGuard's is vital to protecting your organization.
Testing the security of your company and searching for vulnerabilities is crucial before an actual attack takes place. Penetration testing is an excellent way to be proactive and to remediate your security issues before they are discovered by a malicious actor. Dating back, penetration testing was referred to as Red team and Blue team assessments. They have been used by the military for years.
From heroic figures to mischievous basement dwellers to the modern day advanced cyber criminals; there is no doubt hackers have evolved right along with the everchanging cyber landscape. Hacking poses a great threat to all businesses across all industries. Unless you are a cybersecurity expert yourself, it is difficult to have a deep understanding of all of the possible threats and how they potentially impact your business. However, staying vigilant and being proactive by engaging in holistic security approaches that address people, process and technology offers the best protection of your company.