A Look Into Cybersecurity Part 1: An Overview

Welcome to the future.  The world only dreamed of in such 1995 thrillrides as Hackers and The Net has come to pass, with (ever-so-slightly) less jargon and technobabble.

This world, of course, is the world of hacking and cybersecurity.

In 2018 – 23 years after these poorly aging masterpieces hit the screen – cybersecurity has become a front-line concern for both individuals and companies.  The number of potential attack vectors increases by the day, and each week major companies are forced to go public with embarrassing information leaks, eroding public trust.

Remember Equifax?  Well, just recently a Florida-based firm named Exactis was in hot water after making a database accessible from a public serve, exposing nearly 340 million personal records. 

This is nearly twice as many records as Equifax – and if that number sounds familiar, that's because it's almost exactly the population of the United States.

That's right – Exactis may have just leaked phone numbers, home addresses, email addresses for the entire country.

How Is This Still Happening In 2018? 

Well, it turns out that cybersecurity is hard!

The more utility that is put into a system, the more compromises have to be made.  If IT security was the undisputed number one priority, every computer would be disconnected from the internet and physically guarded day and night by armed goons.  The fact that this hasn't happened suggests that cybersecurity is not, in fact, the undisputed priority.

Instead it is one factor among many, requiring the education of end-users, the structuring of information systems and hierarchies of access – all of which need to be balanced with the system's utility, speed and reliability.

Beyond that, everyone is being tested now.  Small businesses are not immune in an age where no one is anonymous – over 50% of business reported successful attacks on their data in 2018, and breaches are costly.  Businesses of any size now have a responsibility to invest properly in data security. [1]

The costs of not doing so can be severe, with the average cost of a data breach around $5 million.

Attack Types

Attack vectors will correspond to weaknesses within your firm's IT setup – from technical to social weakness.  Here are a few common ones:

• Malware – This is your good old "Grandma downloaded a program that said it would speed up her computer from definitelylegitimate.zk.vr".  It turns out Bob from Accounting is a grandmother at heart, and now nothing works.

• Phishing – "Hello, this is Benjamin from Microsoft, we have detected viruses installed on your computer, please call us at +84 987239987 so we can fix it."  A variety of techniques will be used by external actors to fool users into giving up data.

• SQL Injections – SQL is a programming language, almost definitely used by your internal database.  If an attacker can get code to that database (through a variety of exploits), they can extract internal information for their use.

• XSS Attacks – XSS stands for cross-site scripting, and involves exploiting your website's code to run in-browser code against visitors to the site

• DDOS Attacks – This involves overwhelming a server or service with so much traffic that it becomes unavailable.  While it may sound more inconvenient than dangerous, imagine your money-making web presence down for hours – or that of the the cybersecurity software you use internally.

• Man-in-the-Middle – Your computer talks to the server in a secured manner.  Unless you're just talking to someone you think is the server, to whom you are sending all of your identifying info and credit card information.

• Credential Stuffing – Do you reuse e-mail/password combinations?  Here's why you should stop: if one of your username/password combinations is discovered, a hacker will put it into an automated script to try and log you into different websites and find out if you reuse combinations.

Understanding the different types of attack vectors that may threaten you is the first step in being prepared against them.  Remember – forewarned is forearmed!

In part 2, we'll discuss how malicious actors may use the information they gain – and how to prepare and instill a culture of cybersecurity within your daily business.

 

Blog Categories:

Add new comment