In the first part of this series we discussed the different security attacks that a business needs to protect against.
What about motivation? Why would anyone attack my business?
Financial motivation is the most obvious reason. The attacker simply wants to make money.
Fame is also a popular yet often overlooked reason. Some people try to hack as many systems as possible for bragging rights and to show off. This can make them either relatively harmless, in that they might not have the intention of doing damage, or possibly the most dangerous, in that if they lack skill they might do a lot of unintended damage with their meddling.
Revenge is the most common reason for insider jobs. Employees as well as ex-employees lash out by trying to damage their employer’s computer infrastructure.
Experimentation is yet another reason. For some hackers, hacking is a hobby. They try to infiltrate as many systems as they can with no ill intent except to see if they can do it. Some will also inform their victim of how they managed to infiltrate their system and advise them on how to fix it.
Espionage, while probably not the most common reason, is another possible reason for targeted attacks where a competitor or even random people try to get information they can sell.
Computer resources are another possibility. The attacker might be looking for computers to add to his arsenal with the intention of using them to launch attacks on other systems, to send out spam or to host illegal material.
Anonymous proxying is the goal when an attacker is looking for computers to use as hops. Such an attacker would connect through multiple systems while attacking a high-profile target so as to make his detection more difficult, especially if he has full access to the intermediate machines and can clear their logs.
What can they steal?
The final piece of the puzzle before we can decide on what level of security to implement is what we have at risk. In physical security this is a little bit easier, since we can see at a glance what items a thief is able to take in a break-in and what that will mean to the business. This isn’t so in the case of virtual information.
Virtual items that can be stolen vary between organizations, and some businesses might have minimal risk, especially when they are not very dependent on IT. However, this is probably the exception and not the rule. Even a small corner shop might have the following items an intruder might be able to steal:
- Client data
- Employee data
- Supplier information
In a larger organization this can include other critical items:
- Financial data
- Bank account information
- Login / Passwords
- Intellectual property (designs, source code etc.)
Consider what information there is in these items and the potential damage they can do if stolen. What can one find if he gets access to the company’s emails? Do you receive orders by email? Could it be there are things like credit card details? Possibly other bank-related details? What about customer information? A customer list can be a valuable commodity that a hacker can sell to your competitors, which will obviously have a negative impact on your business. What about the risk of disclosure? If some emails contain salary information and this information is made public, what would the implications be? What about supplier information? Could a hacker gather enough information to trick a supplier into diverting goods or your accounts department into sending payment into the thief’s bank account?
What about client details? And employee details? By law, a theft of these will need to be notified, and even if you live in an area where the law doesn’t impose such conditions, would you risk keeping silent knowing the risk of legal fallout should the stolen data be misused?
Stolen goods are not the only worry!
Something you generally do not need to worry about when suffering a physical break-in is what the intruder leaves behind; however, when the break-in occurs in the virtual world this can be a worrying factor. With a physical break-in the chances of the intruder planting devices are quite low, whereas installing malware such as rootkits to facilitate future break-ins as well as get access to any data processed on the network is nearly a given.
What this ultimately means is that once you suffer a break-in, the only really safe course of action would be to reinstall all your machines.
In the third and final segment of this series we’ll be telling you how to avoid being a victim of online attacks.