Written by Roman Paljk | OneNet General Manager
After a few years working full time, and with a few extra dollars in my pocket, I decided it was time to invest (in myself). Despite what my father had told me, I was seduced by the allure of a luxury European car. I’d worked hard for it. I’d earned it. Heck, I deserved it! The ultimate driving machine. How could I resist? Unfortunately, my dreams and my budget were not aligned at the time. However, after a few months of extensive research, I was the proud owner of a pre-owned, second-hand in anyone else's vernacular, European car. Those were some of the happiest (few) weeks of my life. However, one day as I cruised down the road, my dashboard lit up like a Christmas tree!
They say that data is the new oil. So, how do you know when you have a leak? Is there a dashboard in your organisation that alerts you to a potential leak? A siren that sounds? Even if you knew there was a leak, would you know what to do about it?
Without sounding alarmist it’s quite conceivable, some would argue likely, that data is being siphoned from your organisation right now, as you are reading this text, and you wouldn't even know it. Who are they? What are they doing with your data? How did they get access? And, what can you do to stop it?
“They”, for lack of a better term, are “the bad guys”. Criminals have evolved. While a few decades ago stealing and selling the car stereo out of my European dream car (which also did happen) might have been the easiest way to make some fast cash, today your data is a more lucrative and, arguably, an easier target. As it is data that keeps the engine of your business running, criminals understand that you not having it could be extremely costly. What would you pay to get access to your company systems or data back? What would your competitors pay to have access to it if it was offered to them? $10,000? $100,000? More?
Just like drilling for oil, gaining access to your corporate network and data isn’t always an easy task. Yet the rewards are so great that criminals have become increasingly sophisticated and persistent in their attempts to gain access to your applications and data. While the ways in which your network may be compromised are virtually endless, some of the more common approaches are as follows:
• Email is one of the most widely compromised attack vectors. Think about it. By simply having an email address, the majority of your staff are exposed to highly sophisticated and, in many cases, extremely convincing attempts to gain access to corporate data, user credentials and payment details. We have seen numerous cases of clients who have unbeknownst to them, been compromised and their accounts are forwarding every email they receive to a malicious third party. It doesn’t even matter if the user changes their password, every piece of mail continues to be forwarded. The information leaked in these emails is bad enough, however, it is often further exploited to create even more harm and damage.
• Patching. We’re continually astounded at the amount of unpatched hardware and software we see. Astounded, but not surprised. In any given week, dozens of new patches are released for not only the myriad of software that organisations use but also all manner of hardware. Think about all the devices connected to your network – phones, photocopiers, tablets, TV’s. All of them are a potential gateway to your corporate data and applications. Is there anyone in your organisation taking responsibility for these attack vectors? Are they doing a good job? Are you sure?
• Staff. Without staff, your organisation's security posture would be significantly improved. If that’s not an option, then it’s a risk you have to live with. Hackers can spend months trying to identify holes in organisations information security systems, hardware and software. On the other hand, they can simply call James on reception and trick him into handing over his credentials or email Mary the CFO and convince her to change the payment details on an upcoming payment. These are common occurrences and it is certain that the cases of this sort of cyber-crime are under-reported by organisations, embarrassed they have been duped.
One of the biggest challenges with the examples above is actually realising you have been compromised. Aside from the obvious signs, such as all your files getting crypto-locked, or a supplier asking you why a payment hasn’t been processed, how do you know that your information isn’t being leaked or your systems have been compromised and are now being used to spread malicious content?
How do you know if the bad guys aren’t lurking in your network and siphoning off information? And even if you did know, what would you do about it?
You can say what you want about my “near new” European car (and believe me, I there was some colourful things said) but at least it told me when something was wrong. It had a warning light for almost every eventuality and a quick check of the thoroughly worn owner’s manual told you exactly what was wrong. If it’s true that data is the new oil, that keeps your business running, wouldn’t you want to know if there was a leak?
