The popular stereotype of a cyber hacker tends to be a young, highly skilled person sitting in a darkened room surrounded by sophisticated computer equipment. It’s an image honed by Hollywood and often supported by mainstream media.
However, increasingly, this is not the case. Hackers can be young or old, male or female, and belong to a wide variety of social groups. Thanks to the evolution of the cyber crime world, a hacker can essentially be anyone with the motivation and desire to cause mischief, create damage or achieve financial gain.
A would-be hacker doesn’t even need to be particularly IT literate. Rather than requiring deep technical skills, today’s cyber criminals have access to a portfolio of off-the-shelf tools. These tools are readily purchased online, simple to configure, and powerful enough to mount sophisticated attacks against chosen adversaries.
At the same time, groups like the Shadow Brokers are appearing in increasing numbers. Among the more sophisticated cyber criminals, they source and distribute stolen tools and details of potential exploits.
A recent example was code stolen from the CIA which was then used to mount the WannaCry ransomware attack. The Shadow Brokers and similar groups are constantly on the lookout for the next opportunity from which they can profit.
Also, rather than working alone in a darkened room, aspiring hackers can obtain significant support from the wider hacking community. They can purchase tools from others and share knowledge about weaknesses in target systems.
Some groups even offer support lines for hackers who strike problems when trying to configure tools and launch attacks. Education and coaching are available for anyone keen to build their level of skill. It’s a long way from the self-taught script kiddies of yesterday.
Pre-empting and protecting
Organisations need to be aware of this constantly changing and increasingly sophisticated threat landscape. They should take vital steps to ensure their core systems and data stores are as secure as possible at all times. These recommended steps include:
- Patching: It is important to ensure that all software patches are applied as soon as they are released. Many high-profile attacks have succeeded because the systems targeted had vulnerabilities that could have been fixed with available patches. Most software vendors issue patches in regular cycles and IT departments should ensure the activity becomes an integral part of their ongoing security procedures.
- Password and privilege management: IT teams should put in place systems and tools designed to keep user passwords secure. They should also take steps to monitor the access privileges of staff. If an account with admin-level privileges is hacked, this can allow an attacker to gain access to other parts of an IT infrastructure. Keeping passwords safe and limiting the number of high-level accounts can reduce this risk.
- Adherence to security frameworks: Organisations should comply with recognised standards such as ISO 27001 that have been designed to assist the adoption of best practices when it comes to IT security. Adoption will ensure that all the tools and processes required to keep systems and users secure at all times are in place.
- Application white listing: This technique involves creating a list of pre-approved applications that users can download and use on their devices. Anything that has not been approved can therefore be kept out of the corporate IT environment. This is particularly important as an increasing number of mobile devices, which can be more difficult to secure, are used by staff.
- User education: User behaviour can also be a cause of potential security breaches. All it takes is one staff member to visit an infected website or open an email attachment containing malicious code for an organisation’s IT infrastructure to become compromised. It is important to educate staff about best practices and how to behave when online. Training should be held on a regular basis to ensure the issue remains top of mind.
By following these steps, it’s possible to maintain effective security even as the threat landscape continues to evolve.
The threat posed by hackers is not going to disappear, so ongoing monitoring and protection are key for organisations to ensure their security protections remain as resilient as possible at all times.