Are You Safe? Part One
In the spirit of Cyber Security Awareness Month, we have a little story for you…
Once upon a time, there was a successful business that was security conscious. They had a first-rate firewall protecting their network from the outside world.
However, there was also a persistent hacker who wanted to get into their company information. Fortunately, the firewall regularly frustrated his attempts.
Still, the hacker did not give up. Instead, he found a more subtle way to get into the business network. He noticed that many employees used the same online restaurant service for lunch. Rather than attacking the business directly, he hacked the restaurant service website. This way, when the employees placed their lunch order, the website would execute some malicious code and give the hacker the information he was looking for.
This attack was successful because many firewalls allow free communication with any outside server as long as that communication originates from inside the firewall. All the hacker had to do was modify some code on a web page button, and because the employee “requested” the page, the hazardous code was allowed behind the firewall. Once the code was executed, the hacker now had communication that originated from inside the firewall and he could access whatever he wanted.
Standard firewalls and anti-virus software are good, but are not a complete solution. These tools monitor what comes in from the outside, but do little to stop anything from getting out.
Modern hackers are persistent, very creative, and a danger to business. Most businesses are not prepared for the latest attacks and need to review their security more often, and more deeply.
It is no longer enough to have a firewall and anti-virus software. Believe it or not, the biggest security holes are actually regular business practices and unaware employees. It is an unfortunate fact that too many businesses fail to see all their vulnerabilities, and as a result, put their information in danger.
For some threats, there is electronic protection. Yet for many, a well-established policy and fully-trained employees are the best defense.
In our next segment, we’ll talk more about policies and training.