BLOG

SUBSCRIBE

The Epic Struggle of Fighting Hackers...and Beating Them

Tech

If you’re going to run a phone scam, don’t call a security developer.

One such scammer did just that, telling the developer that he was in trouble with the IRS. If he paid thousands of dollars, he could avoid jail.

Obviously, the developer didn’t buy it.

The call center now gets a robocall 28 times a second, thanks to this program he created. Now, when the scammers pick up the line, they hear this:

“Hello. It has been detected that you are a scammer. Because of this, we are flooding your phone lines to prevent you from scamming additional people. This will not stop until you stop.”

The developer embodies the latest attitude towards cyberattacks shared by companies throughout the U.S.: “We’re mad as %$@# and not taking it anymore.”

The Impact of Cyberattacks

Hackers target corporations every day and the numbers are staggering.

CSO magazine estimates that 58 data records are stolen every second at the expense of $141 for each record. That’s roughly $490,000 spent in one hour thanks to online theft. Another service found that more than 9 billion data records have been lost or stolen since 2013, which breaks down to about 5 million records a day. Almost three billion robocalls were placed in January 2018 alone, and it’s not a stretch to assume a large portion of those traced to scammers. Even the technically sophisticated call center/IRS ploy mentioned above has been profitable to scammers, netting upwards of $36.5 million since 2013.

Hackers can access systems through multiple vulnerabilities including:

  • Systems vulnerabilities: Equifax, one of the nation’s three credit rating agencies, failed to update a web application. As a result, hackers found an accessible point of entry and stole 145 million records.
  • Phishing: A Lithuanian man tricked accountants for two technology giants into sending him $100 million, an elaborate scam which began with a phishing email and included fake invoices.
  • Downloads: DLA Piper, a global law firm with more than 3,000 attorneys in 40 countries, suffered from a ransomware attack that encrypted files and shut down its phones, emails, and laptops for days. It is theorized that the malware entered DLA Piper’s systems through a software update provided by a Ukrainian accounting firm. The same ransomware attack hit Maersk, costing the company $300 million (and counting) and demanding an overhaul of their global IT infrastructure.

The causes of attacks—like their methods—are varied. Sometimes hackers want to capture and sell personally identifiable information on the black market or use it for fraudulent activities. Sometimes they’re looking for market-moving information to profit from or want to encrypt your data and hold it for ransom. Whatever the motive, sophisticated cyberattacks are at an all-time high and companies are actively working to deter them.

How Companies Are Fighting Back

Fortunately, companies looking to battle hackers have quite a few resources at their fingertips.

Ethical Hackers

What if hackers used their powers for good, rather than evil? Ethical hackers (also known as white hat hackers) use their skills to find technical vulnerabilities, much like malicious hackers. They stop at discovery, however, preferring to inform companies of the weaknesses and prevent an attack. In return, companies often pay the white hat hackers as a reward for reporting. They may also hire the ethical hackers specifically for penetration testing.

Outsourcing

With the onslaught of cyberattacks and new varieties popping up every day, many companies turn to security consulting firms to protect themselves. These firms have the experience, talent, and equipment to identify existing threats and advise on protective measures.

For example, a business had its video conference camera hacked, which unknowingly allowing unauthorized individuals to eavesdrop on board meetings. A cybersecurity company hired by the business noticed unusual activity on its client’s network, allowing them to quickly rectify the hack.

Active Defense

Active defense pushes cybersecurity past defense and into offense.

As one publication explains it:

Active defense measures …  can involve companies going outside their networks to disrupt attacks, identify attackers or retrieve stolen data. Companies might also use beacon technology to determine the physical location of an attacker if files are stolen.

As it is a slightly more assertive approach, it also prevents a more controversial method. Experts argue that this approach can violate the Computer Fraud and Abuse Act, which prohibits anyone accessing a computer without authorization.

Artificial Intelligence

AI is the ideal foil for cyberattacks. It processes and understands large amounts of data from multiple sources in a short amount of time—far faster than humans or traditional technology. Its ability to learn means it can become quite sophisticated over time at detecting and acting against unwanted intrusions. Many of the companies currently using AI to support cybersecurity use it for tasks such as quickly detecting intrusions and automating responses to attacks.

Proactive Measures

They say the best offense is a good defense, meaning the best way to deter hacks is to make it as hard as possible for them to happen.

  • Train – Often it isn’t technical measure but human error that opens the door to breaches. Train employees to spot the hallmarks of an attack (for example, an email coming from an unrecognized address asking for login credentials), as well as the variety of attacks that can manifest.
  • AAU – Always be updating. When you put off updates or avoid them altogether, you’re making it easy for unauthorized individuals to enter your systems through vulnerabilities.
  • Stringent administration – Deactivate employee access to systems as soon as they leave the company. Set guidelines for types of accepted passwords (number of characters, types of characters, selecting new passwords on a regular basis). Employ multi-factor authentication, which requires users to verify their login via a text message or telephone code.
  • Backup your data – By backing up your files on a regular basis, you have a copy ready to revert to should your company get hit with malware.
  • Plan – Businesses should have policies on how employees can use their technology as well as plans on how they will act should a breach happen.
  • Cyber insurance – Hacks and breaches incur significant expenses (remember the $141 per record stat above?) While cyber insurance won’t prevent an unauthorized intrusion, it will help a company stay on stable financial ground while it recovers.

As cyberthreats evolve, so do the tools to fight them—it's time to build up your company’s defenses now.

March 28, 2018