A BASIC GUIDE TO HOW YOU ARE LIKELY TO GET HACKED



– Melville Wekesa, Technical Lead, Merge Systems

Cybersecurity is arguably the hottest topic in IT right now. As businesses and organizations embrace digitization, they also expose themselves to threats not found in the non-digital universe. We are living in a new normal and our security strategies need to evolve with the times. With the growing relevance of the Internet of Things, cybersecurity is only going to become more important. How can you protect yourself and your organization?

As the famous Chinese general and military strategist Sun Tzu once said: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” If we are to win the cyberwar, we must know the enemy. In this article, we shall review some of the vectors that hackers are likely to use to attack your organization. In subsequent blogs, we shall look at mechanisms for protecting ourselves.

THE EASY STUFF

Hollywood depicts hacking as requiring very complex tools, equipment, flat-soled sneakers and awkward social skills. However, real life is not always so complicated. Many times, the weakest links are the people working in our organizations. Human beings are incredibly complex yet predictable too. We are curious, we are lazy, we are friendly and we are careless. As a hacker, you can spend many hours writing a complex program that can steal passwords or you can trick a friendly and helpful ‘colleague’ into unknowingly aiding your cause. Many hacks have been successful simply because the hacker compromised an unsuspecting insider. Yet sometimes hackers do not even need to do the ugly work of deceiving anyone; they can count on the fact that an IT admin somewhere will be lazy, careless or both. Many systems are still operating with default passwords that are available online at the click of a search button, and hackers will always be on the lookout for these. Whereas most IT devices have recovery procedures for passwords that require physical access, a lot of organizations have IT systems out in the open and easily accessible to unauthorized users. A hacker can save a lot of time by accessing these systems and planting malicious software for nefarious use.

THE NOT SO EASY STUFF

Moving away from the obvious human angle, hackers will target the not-so-obvious vectors. When a hacker is exploring a potential target, they will ask questions like: where does my target spend most of their time? The answer for many organizations will be browsing webpages online. Focusing the attack on webpages would then be a potential jackpot for a skilled hacker. Another likely answer to this question is accessing emails. If this is the case, time spent by a hacker trying to compromise emails is time well spent. HTTP and SMTP have proven to be common vectors that hackers use to attack organizations. They will set up fake websites that look very much like the real website and use these to harvest unsuspecting users’ credentials. They will also send emails from fake accounts or attach malicious files to emails in the hope that someone will open them and thus help the hacker to compromise IT systems.
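A defender's check for the look-alike websites and fake sender accounts described above, added here as an example and not part of the original article: it flags sender domains and link hosts that nearly match a domain the organization trusts. The domain acmebank.example, the sample message and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the organization really uses (constructed, reserved TLD).
TRUSTED = {"acmebank.example"}
# Digit-for-letter swaps commonly used to imitate a name visually.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(name):
    """Collapse visually confusable spellings to one canonical form."""
    name = name.lower().translate(SWAPS)
    return name.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED, max_edits=2):
    """Return 'trusted', 'lookalike' or 'unknown' for one host name."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    base = ".".join(host.split(".")[-2:])  # naive: ignores suffixes like co.uk
    for t in trusted:
        if skeleton(base) == skeleton(t) or edit_distance(base, t) <= max_edits:
            return "lookalike"  # near-miss spelling of a trusted domain
        if t in host:
            return "lookalike"  # trusted name embedded in someone else's domain
    return "unknown"

def scan_message(raw):
    """Map the sender domain and every link host in a raw e-mail to a verdict."""
    hosts = re.findall(r"^From:.*@([\w.-]+)", raw, re.M | re.I)
    hosts += [urlsplit(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", raw)]
    return {h: classify(h) for h in hosts if h}

# Constructed sample message, not taken from a real incident.
SAMPLE = """From: Acme Bank Support <support@acrnebank.example>
Subject: Password expiry

Reset here: https://acmebank.example.login-portal.test/reset
Policy: https://intranet.acmebank.example/policy
"""
```

An edit-distance threshold of 2 suits long domain names; for short names it produces false positives and should be lowered.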

Another question that a hacker may ask is: how do the users access these web pages and emails? The answer for many organizations today will not only include desktops but also mobile devices like mobile phones, tablets and laptops. Targeting the endpoints is therefore likely to yield fruit for the hacker. Mobile phones and tablets offer an interesting vector for hackers because while we have embraced the Bring Your Own Device phenomenon and allowed users to access company assets on their mobile devices, a lot of organizations still haven’t invested in ensuring these devices are as secure as the traditional desktops or laptops.

THE COMPLICATED STUFF

Assuming a hacker has gained access to an unsecured system, what then? They need to exploit this access and translate it to some form of benefit. Ransomware is one of the ways in which a hacker can take advantage of a compromised system. They can drop software that encrypts important files in the compromised system and demand a ransom to decrypt the files. They may choose to install software that allows them access to the compute resources whenever they wish. These resources can be used to launch attacks such as denial of service against other systems, siphon data, etc. They may also exploit vulnerabilities in the system software or architecture to steal data for sale on the black market.

There are many ways to skin a cat. And hackers with malicious intent need to find just one to compromise your organization. How safe are you from the above vectors?
