Hacking has been a hot topic for the White House lately. In response to recent high-profile hacks, Obama outlined a few cybersecurity initiatives he’d like to see introduced. And, while Obama was giving his speech at the Federal Trade Commission, US Central Command social media accounts were hacked…
The Central Command’s Twitter account, @CENTCOM, tweeted threats towards US military personnel. Simultaneously, its avatar was replaced with a masked militant, with the words “I love you Isis.” The YouTube account was also hacked, and pro-Isis videos were uploaded.
Most commentators tend to view this attack merely as an act of vandalism…not as a high-profile data breach. Peter Singer, of the New America Foundation’s Future of War project, stated that the attack was “a lot like Twitter itself: lots of attention, but no real effect.”
Hacking and Developers
In general, technology companies tend to be more tech-savvy and secure than other major companies, such as Target or Home Depot. Perhaps this is because technology companies have a better understanding of their vulnerabilities and what they need to do to stay secure from potential threats.
According to a recent TechCrunch article, there are a few major components we can expect to see hackers exploit in 2015, such as unpatched and unpatchable systems, human error, and malware reuse.
In many instances, human error, oversight, and organizational failure combine and lead to catastrophic results. The Target data breach, for instance, cost hundreds of millions of dollars in damages. However, only a few months after this data breach, a variant of the exact same malware used to breach Target was then turned on Home Depot.
One reason these attacks were successful is that the organizations didn’t study and plan for similar breaches in the past.
There are several instances of serious data breaches that use recycled malware. The hackers who deployed Dragonfly were able to use cheap, widely known tools to gain access to highly sensitive targets, such as American and European energy grid operators, petroleum pipeline operators, and the American and Canadian aviation industries.
It appears that the recent Sony Pictures hack was also the result of recycled malware and human error. And although the Sony hack made the biggest headlines, it is probably just another in a series of high-profile attacks.
Protecting Your Business
So how does a business protect itself in a world that is becoming more vulnerable and complex by the day? Andre Durand, Ping Identity CEO, states that there is a basic security disconnect in most enterprises.
But, he says, these high-profile hacking incidents may finally be persuading companies to take security more seriously.
So what can your business do to stay protected?
First, don’t assume that cybercrime “only happens to other people.” High-profile companies tend to make headlines, but don’t assume that just because you’re small, you’re off the radar. Buffer, for instance, was hacked in 2013. On their blog, they claimed this may have been the result of passwords leaked from Adobe.
No matter the size or function of your app, never presume that you’re safe because you’re small.
Second, compromised enterprises should share security and threat data. When one breach occurs, it’s almost certain that a similar attack will happen in the future. This may be one of the reasons why Obama wants hacked businesses to release cybersecurity information. Sharing data and applying big data analysis, according to the managing director of General Catalyst Partners, is the best way to stay safe from currently unforeseen threats.
In other words, there’s safety in numbers.
Third, incorporate security into application design. Most programmers aren’t security experts. File encryption, multi-factor authentication, and access rights aren’t part of a typical coder’s training. Fortunately, there are companies that provide APIs to embed this type of functionality into apps.
Stripe, for instance, allows programmers to integrate this type of secure functionality without doing the hard work themselves.
Also, since security is such a rapidly evolving field, every business should partner with a trusted security firm. Cutting-edge firms such as Cyren offer Security-as-a-Service, perhaps one of the best ways to stay protected from viruses, malware, and attacks.
The cybersecurity world is clearly fraught with uncertainty. New threats can be born and bred cheaply from recycled malware. And a competent hacker can use these cheap tools to exploit human error, breach robust systems, and extract mountains of sensitive data. As businesses become more and more reliant on technology, it is imperative that developers take steps to prevent future threats before they occur.