We’ve come a long way from what a hacker used to be — an expert programmer that would take existing technologies or products and work to optimize and customize them. In fact, Steve Jobs was a ‘phone phreaker,’ a group of programmers that exploited the telephone exchange system.
While some modern day hackers may be expert programmers, hacking and cybercrime have become big business. In the 1990s, hackers were personified by rebellious teenagers or lonely programmers in their basement with a vendetta. If we were to personify them now, it would look like any large enterprise. The only difference is these services are sold on the dark web versus traditional channels.
Hacking has become big business
The more successful hacking enterprises have refined their products and methodologies in order to maximize their returns. It’s so sophisticated that they are fully functional organizations with accounting and payroll departments, sales teams and global operations. Products offered can range from full service hacking and information delivery, specific sets of information to HaaS, or hacking-as-a-service, which gives someone the tools and scripts to hack on their own, just like any other as a service model we have seen offered over the last seven years.
The business of hacking is so successful and there’s such an excess of data available on the dark web that the price of information is fairly low. According to a CNBC report done in 2015, the price for personally identifiable information (PII) which include names and addresses, and other personal information is only US $1 per PII. Bank account login information is worth US $200 — $500.
The rapid digitization of data along with new technological advances like IOT, cloud adoption and AI have all contributed to the funding of these businesses. It has also led to the rise of new ways to infiltrate the data of organizations through sophisticated malware, ransomware, data manipulation, advanced persistent threats and others.
The cost of weak security measures and breaches
With new threats cropping up each day, securing your organization’s data can feel like you are drinking water from a fire hose with no signs of it letting up. Not only is it critical to have security protocols and services baked into every layer of technology, from infrastructure to employee devices, it’s also imperative to have a comprehensive strategy that is agile enough to respond to today’s threats.
Do you think this won’t happen to your organization? Virtually every enterprise is under attack and will be breached. Even one breach can severely impact an organization’s bottom line. Technology research firm Juniper predicted the cost of data breaches will increase to $2.1 trillion globally by 2019, increasing almost four times the estimated cost of breaches in 2015. Cybercrime and hacking have become too big a problem to ignore and an investment needs to be made to protect critical data.
How to protect your organization
There are a variety of steps your organization can take to keep its data secure. These include basic but often overlooked measures to more complex solutions. In terms of basic measures, you should keep all of your software up-to-date and regularly patched in order to protect your business against the latest security exploits. Additionally, it is recommended to give your employees cyber-security awareness training. This training educates employees on common phishing emails which attempt to collect password or login information by appearing as a legitimate request so that doors they do not fall prey to these types of attacks.
More complex solutions include network segmentation or the use of monitoring software. Network segmentation involves dividing your cloud network into different zones, each with varying security requirements based on the nature of the data held in that zone. For example, cardholder data should be placed in an isolated zone with the most stringent security requirements. Segmenting a network makes it more difficult for an attacker to move across the network and gives your organization more time to respond to a threat.
Monitoring software, such as firewalls, monitor incoming traffic to your cloud network and can alert you when a threat is detected and allow you to deploy critical prevention measures. One advantage of using monitoring software is that it can be more cost-effective than having an in-house team of security experts. Due to the shortage of trained security professionals in the market, hiring them can be expensive while monitoring software can provide around-the-clock surveillance for a fraction of the cost. However, it may be necessary to integrate multiple types of monitoring software since usually one tool cannot monitor the wide range of devices on a network, meaning different tools for different devices are required.
Unfortunately, there is no silver-bullet solution that can eliminate all the risks hackers can present. The best approach, therefore, is to adopt a variety of measures, ranging from basic to more complex, in order to close as many gaps as possible and keep your organization as secure as it can be.