It’s No Secret - This is the Trifecta Most Cyber Attackers Rely on to Hit it Big
From Target to Sony Entertainment, mega-breaches have been making headlines all year. On the heels of a revealing exposé recently aired on 60 Minutes, the founder of Global Digital Forensics offers some expert industry insight and commentary about some tangible and achievable security goals that every business plugged into the cyber threat landscape that is today’s digital world should consider to help avoid becoming the next big headline story.
Last Sunday, November 30th, 60 Minutes ran a story about the banner year cyber criminals have been having and laid out some harsh statistics that should be on the radar of any business, corporation, organization or agency with a digital presence. The two that should be most troubling for any IT security personnel responsible for the security of digital assets were the share of businesses that have been hit by a cyber attack, 97%, and the average amount of time intruders were able to spend on a network before ever being detected, 229 days, or almost two thirds of a year.
Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, has been helping clients do battle in the cyber trenches for over two decades and has seen it all unfold in the real world before. “We find evidence of intrusions, data theft, malware infections and every other cyber threat imaginable all the time, and it is often the case that there were not any noticeable events or signs which would have led to suspicion, they were only uncovered due to in-depth testing we performed for clients that called us for professional vulnerability assessment and/or penetration testing services. That’s why the single most important aspect of a strong cyber security posture is professional threat testing with regularity and frequency, the more often the better. Once a year should be the absolute bare minimum, but what businesses have to consider if they go that route is that they could very conceivably have an intruder stalking their network for basically a whole year, and if you think that average of 229 days seems high, consider that we’ve been called into situations where we discovered attackers had access for years until we booted them to the curb. So needless to say, testing quarterly is a much, much better bet.”
Size doesn’t matter.
“Sony Entertainment is just the latest casualty on the cyber battlefield with a high enough profile to make national news, but the truth is, devastating cyber attacks are a reality for many businesses each and every day. Most go unreported for fear of losing the trust of their customers, vendors and/or investors. And then there are those that have been breached and never knew it even happened, or worse, those that have been breached and have an intruder on their network right now, right under their noses, without even an inkling that every single digital asset and bit of data they control is at risk,” warns Caruso. “And without a doubt, in a vast majority of cases we see, attackers get their initial foothold on a network by exploiting the human element, not holes in technology.”
The not-so-secret secrets to hacker success
“It’s not like there are hush-hush industry secrets that cyber security specialists are keeping from the business community as to how cyber criminals manage to wreak so much havoc when everyone knows they are out there and constantly on the prowl. The trifecta they rely on? Trust, stealth and longevity,” says Caruso.
“Exploiting trust is the realm of social engineering, which only takes a hacker leveraging the trust of one individual, through a phishing email, by phone, on social media or any number of methods, which get them to divulge their credentials,” explains Caruso. “Not only can this give a hacker keys to their own business network, but can also lead to a breach of other businesses by exploiting that trust relationship, like the Target hack that started when a heating and air conditioning vendor of theirs was breached, allowing hackers to leverage that ‘trust relationship’ to infiltrate Target’s network to the tune of stealing 40 million customer credit card numbers.”
“Once they are in, hackers typically do everything in their power to remain undetected,” Caruso says, “with the exception being hackers that want to make some kind of public statement, as may have been the case with Sony Entertainment when skulls started appearing on their screens heralding the attack. Being successful on the stealth front is also the most important ingredient to the most dangerous and potentially devastating aspect of a cyber breach, longevity. An intruder with long term access is bad news on so many fronts there is no way to list them all. It gives them unencumbered ability to steal, disrupt, damage, incapacitate and embarrass any victimized party at will at that point, all of which can dramatically affect any business’ bottom line, no matter how large or small they are.”
It's better to trust the view from the outside looking in
One other tidbit from the 60 Minutes piece that should not be overlooked is the fact that most of those mega-breaches were not discovered by inside IT personnel; they were detected by third-party cyber security specialists. Global Digital Forensics has the experience, tools and expertise to do the job for organizations of any size. From vulnerability assessments to help clients determine exactly what threats they are most vulnerable to, and in-depth testing to identify, neutralize and eradicate attacks and intruders, to a national network of emergency responders ready to respond immediately if the unthinkable happens, GDF can customize solutions and services to meet any client’s unique needs. So make the call. The call is free and so is the initial consultation – so the only way to lose is by doing nothing.
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.