What do the following companies have in common: Ebay, AOL, British Airways, UPS, and Sony? They are all multi-national, billion-dollar companies who have been hacked in the last 18 months. The exhaustive list of organisations who have suffered security breaches is significantly longer. The number and scale of successful hacks is continually rising. Today, hacking unquestionably constitutes a threat that every digital user should be aware of, no matter who they work for.
What exactly do we mean by hacking?
In digital terms, hacking can be defined as gaining unauthorised access to a digital asset. This could be a secure website, a wireless network, or even a physical machine such as a server or printer.
What motivates people to hack?
Primarily people hack for one of the following reasons:
- Mischief: Some people are just out to cause trouble. They do it just to show off to their peers and to disrupt people’s lives purely for a thrill. There is little point to their actions but they still produce the same result as any other hack: disruption, distress and, potentially, loss of income.
- Morals: Some people hack targets that conflict with their beliefs in order to show their opposition. For example, Anonymous, the notorious online hacking collective. Anonymous declared in February 2015 that they would target Twitter accounts and websites belonging to Islamic State (ISIS). Similarly, some sources have stated that the motivation of hackers behind the attack on the Ashley Maddison website was to show their distaste at the services it offered.
- Money: The most common motive behind the overwhelming majority of hacks is financial gain. There are many ways to make money from hacking. For example, hackers could steal credit card data giving them instant access to online funds. They could steal information and then blackmail either the source of the data, or the individuals whose data was stolen. Alternatively, rather than stealing data, they could also take control of a website. By adding their own malicious code to a website, they are able to install viruses on users’ machines, or redirect them to phishing sites which coerce them into revealing sensitive data. The possibilities are almost endless.
How can you protect yourself from security breaches?
The short answer is that you can’t; there is no way of guaranteeing this. Anyone that tells you otherwise is being naive at best and downright dishonest at worst. There are, however, some straightforward steps you can take to significantly reduce the risks of suffering a breach in your security:
- Keep your software up-to-date: This applies to all devices that you use for work, and to any apps or websites connected with your organisation.
- Audit your hardware and software: Old or incorrectly configured infrastructure and software can be a real liability. Having an expert review your hardware and software setup can highlight potential issues before anyone has the opportunity to exploit them. Having managed support services can ensure that your security is reviewed on an ongoing basis.
- Adopt a security policy across your organisation and ensure it is enforced: Human error is still a major factor in many hacks. There are many issues to consider here, from users choosing weak passwords and browsing dubious websites, through to sensitive data being stored insecurely or disposed of carelessly. Enforcing two factor authentication is a great start to improving user security.