Is My Business Being Hacked?


Added by Mike Danseglio, November 14, 2012

I get asked all the time about web sites or business computers being hacked. Specifically, someone asks me whether his Internet site is being hacked or internal computers are being attacked. My answer is always the same.

"Yes. Your business is being attacked. Your web site and your internal computers are both under attack right now. No, I don’t need to look. Yes, I’m quite confident."

It feels strange to give an absolute answer to this question. Most of my answers start with, “It depends” or “probably” and get even more conditional from there. But for this question, the answer is always the same. Yes, there are nasty people out there right now attacking your web site. They’re also attacking your work computers, your home computers, your phones, and anything else they can reach.

Why Attack Me?

“Why?” is a common follow-up question. Why would an attacker hack into your web site or internal systems? Because your assets are assets. All assets have value, and attackers know it. Attackers have to pay bills just like you and me, and they need to compromise valuable assets to pay those bills. So an attacker hacks with the intent of extracting something of value.

You might believe that your web site or computer has nothing of value. I’m sad to say that you’re wrong. The web site you run, the old boring PC you use, the outdated smartphone… these all have tremendous value to an attacker. Just because the news only reports when Google and Apple and Microsoft get hacked doesn’t mean that smaller or less confrontational sites are of any less interest. I’ve personally seen successful attacks that targeted:

  • Personal Facebook pages
  • Cell phone contact lists
  • Holistic medical web sites
  • Cooking recipe web sites
  • Flickr photo streams
  • Charity donation pages
  • Personal blogs
  • My mother’s desktop computer

I’ve also seen successful attacks against businesses of every type and size. From a two-person specialty clothing shop to Amazon.com, attackers are interested in hacking anything they can.

Is All This Hacking a Problem?

Yes. Because eventually the attacker will succeed and compromise whatever assets you have.

The most well-defended resources on the Internet already know that their defenses aren’t perfect. There is always the possibility that a bug is found, that a password gets discovered, or that a smart hacker finds a crafty new way into a system. And when these well-defended resources are compromised there needs to be a fast and well-planned response in place.

The biggest problem is that you probably don’t expect a hacker to compromise your assets. As a result you’re not prepared to quickly respond and fix the problem. You probably won’t know that the hacker was in your systems, or it may be months or years before you find out. During that time they could have been monitoring accounts, stealing personal data, or embezzling funds.

How Do I Stop Them?

Prevention is the best approach to computer security. The best way to stop hackers is to make sure they never get into your systems. And the best way to do that is to learn their techniques. I teach a class on Certified Ethical Hacking where we examine exactly how hackers work, the tools they use, and how they get into systems. I show my students how to use this knowledge to think like a hacker, find the weaknesses, and then fix the weaknesses before an attacker exploits them.

There are a few rules of thumb that, while not perfect, usually make it much harder for hackers to compromise your systems by protecting what hackers first look for. These include:

  • Keep your operating systems and applications up to date. This means Windows itself as well as applications from companies like Adobe, Microsoft, Google, Oracle, and Mozilla.
  • Monitor your systems. If your web sites or databases change unexpectedly, you may be seeing evidence of an attack in progress.
  • Never trust others with your passwords. Over and over I see a situation that began with one employee loaning a password to another and escalated into a massive compromise.
  • Get training on security. Most IT careers involve security to some degree. Formal training is an investment in preventing future incidents. Even a week or two of security training now will serve you well during your entire IT career.

Conclusion

I wish your web sites and computers were impervious to all forms of attack. But that’s not possible. Just remain aware that you and your assets are targets and that a few basic techniques can help prevent successful attacks from ruining your day.

Be well.

Mike Danseglio - CISSP
Interface Technical Training – Technical Director and Instructor
