Taking human error out of the hacker equation

Just take a moment to think about what you have stored on your phone…  Apart from details of all of your contacts; there will inevitably be family pictures, passwords, emails, and probably your favorite apps. Can you imagine the consequences if all of that valuable personal information was left vulnerable for hackers to steal?    

What if the manufacturer sent out an update to protect your phone from potential hackers, but you didn’t install it because your phone was turned off?  All of your precious personal information would be left vulnerable for hackers to exploit. This same scenario is what companies have to combat every day, except on a much larger scale. 

You’re in good company   

This year in particular has been notable for a number of ransomware attacks. In May there was a significant cybercriminal attack, which infiltrated systems globally through the exploitation of a vulnerability in Microsoft Windows systems.  The effects of the ransomware program – ‘WannaCry’ - was felt across 150 countries, and in particular by the NHS in the UK.  The systems of many large companies were held hostage and a considerable amount of data was compromised.  This attack highlighted the necessity for companies to ensure that their systems are regularly updated to avoid any repeat in the future. 

Companies of all sizes are subject to the ever-present threat of attacks from hackers. Given current trends, the potential of your company being hacked remains not a question of “if” but of “when”.  A 2015 survey revealed that, 90 per cent of large organisations in the UK had been breached, while 74 per cent of small companies said they had also been infiltrated.  However, smaller organisations are potentially more prone to breaches, as they have fewer resources to allocate to potential threats.    

Businesses are often more susceptible because proper measures have not been put in place to effectively combat and protect against significant attacks, such as malware or ransomware. A global business survey has also revealed that 9.1 per cent of UK firms have not acted to protect themselves from hacking. 

Definitely not the soft option 

There are two major levels of cyber-attacks, ranging from soft/medium grade attacks - such as phishing, or hackers receiving insider information from a disgruntled employee - to hard attacks.  These involve hackers gaining direct access to the information through breaking in, or hacking the firewall.   

There are specific gatekeepers to each level that can help identify and prevent potential hacks. However, much of the responsibility comes down to how you manage your electronic operations. 

Soft/mid-grade attacks are the more common form of hacking that companies face. The gatekeepers for this level of attack include the employees and the IT department. With this type of attack, hackers are able to enter into a company database through phishing or exploiting a known password schema to gain access into the system. 

Forrester’s 2016 Global Business Technographics® Security Survey revealed around 49 per cent of global network security decision-makers had experienced at least one breach over the past twelve months.  Soft/mid-grade attacks can be avoided by implementing employee education, such as online security courses that require a refresher every year. Other measures to stop such attacks include a vigilant IT department, having a strong rotating password in place, and ensuring that any suspicious emails or activity is addressed immediately. 

Another level 

The second and more extreme level of cyber-attacks are known as a hard attack. Malware, Ransomware, and Denial-of-Service (DoS) viruses are prevalent examples.  These attacks are more difficult to engineer as they require more leg work, with hackers having to search through code to look for various security holes.  They may even necessitate physical access to company buildings in order to retrieve the information needed to successfully breach a system.   

A recent survey found that software vulnerability is responsible for 42 per cent of attacks. These threats can inflict significant financial damage to a company. The majority of these threats exploit known software vulnerabilities.  For this level of cyberattacks, it is vital to keep the company’s software updated.  Immediate and frequent updates of security software, application of security patches, and better physical security are the best precautions a company can take to deter these intrusions.  The immediacy of these updates can sometimes be the difference between having to deal with a small, or non-issue; or instead dealing with an event which has major ramifications for data security and a company’s reputation.  It is therefore crucial that IT departments have the tools to update their software. 

Be more proactive   

Although educated employees and a strong IT department are crucial to keeping hackers out of a company’s data, these best practices and solutions, such as: anti-malware, virus-protection, and firewalls, are useless without the proper implementation.  It is important to stress that the real security holes are found when IT cannot update; or have not updated their equipment.  Machines that are in a low power state are typically unreachable and, as a result, unavailable for an emergency security update.      

Enterprise-wide, effective wake solutions are an investment that companies should make in order to ensure their networks are efficiently executing software patching updates.  Machines that are powered down will not receive or process updates sent out by IT departments until they are awakened. Implementation of wake software allows these machines to be awakened and alerted to the updates so that their systems can adapt and download the changes – thereby reducing their cyber vulnerability.   

Power Management solutions that include enterprise-wide wake help solve the waking issue as a complement to their function.   Companies using this technology have seen increased success in software updates; from about 60 per cent before the implementation of the wake solutions software to about 95 per cent success after their use.   

Being aware of the multi-pronged problems that arise as a result of software that is not being patched or installed is a major step in protecting your company from an attack, and of effectively ensuring the security of your information.  In the current cyber-attack climate it should be at the top of your critical tasks list. 

Jim Tatham, Senior Manager, Customer Solutions for Verdiem, an Aptean company 

Image Credit: Welcomia / Shutterstock