Have You Been Hacked?

Have you ever had a Virus, Spyware, or Malware?

These are terms most people are more familiar with, but they all mean the same thing- the security of your business was compromised (you’ve been hacked). Most people are familiar with the tell-tale pop-up ads that occur when your computer has been infected with spyware. Most malware today is not so obvious; it infects your computer and silently sends details back to it’s controller. Information such as bank accounts and intellectual property are the targets of today’s cyber criminals.

Questions for your I.T. Department:
  • Could we detect large amounts of data exiting our network?
  • Do we track the movement of data classified as highly sensitive from one user to another?
  • Would we be able to detect non-standard data transferred on common ports?
  • Do encrypted communications channels signal an alarm?
  • What level of attacker can we defend ourselves against?
Questions for Business Owners:
  • What information is really the “secret sauce” of our company and must be protected by all means available?
  • What is the true impact of a breach on our business financially?
  • Are we being realistic about our chances of being breached?

Cyber attacks today come in various skill levels:

Enthusiasts– Sometimes referred to as “script kiddies” in the industry. These are opportunist and unskilled attackers that look for any easy opening. Enthusiasts surf the Internet looking for easy to exploit vulnerabilities in software without any particular victim in mind.
Skilled Enthusiasts– This level of attackers are akin to Network Administrators. Skilled enthusiasts are attackers that have a good understanding of how networks and companies work. Attackers at this skill level use similar tools to the “script kiddies”, but skilled enthusiasts understand when to use a particular attack tool and may have a specific target in mind.
Professional Cyber Criminals– These are the for-hire bad guys of the cyber world. They are not as obvious as the average attacker and they’re very good at getting what they are after. These types of attackers typically go after bank account numbers, intellectual property, social security numbers, credit cards, and patient information. Profesional criminals use tools that are either modified or off-the-shelf variety attack tools or in some cases custom written malware, making them much harder to detect.
Nation States or Advanced Persistent Threats (APT)– Attackers at this level are highly skilled and well funded. It is thought that many of these attacks go unnoticed so it’s tough to get a good feeling for how common they are. Attacks at this level include the breaches at Google, RSA, Stuxnet, Flame malware, and other nation state or well funded attacks. The tools these attackers use are custom written to avoid detection.

Be Realistic!

It’s important that your company is realistic about what sort of attackers it’s likely to face. It’s equally important that the current state of your company’s security program is understood. If your company has never had a Vulnerability Assessment start there. A Vulnerability Assessment will give you a good sense of how secure your business currently is and where improvements need to be made.

Please go to the Contacts Section if you would like additional information.

Follow Me

Nick Gibson

Nick Gibson is a United States computer security expert and founder of NBG Networks LLC. He has worked in security regulated industries like healthcare and finance for over a decade.
Follow Me

Latest posts by Nick Gibson (see all)

No Comments Yet.

Leave a comment