Your networks are not as secure as you think.
As a technology company, you are at the forefront of innovation — pioneers of new applications, experts at all things web-related. Therefore, surely, you are immune to cybercrime.
Think your security systems don’t stink? Think again.
Let’s face it: if your information is on the Internet, it’s ripe for the taking. Tech giants like Adobe, Google, and Yahoo! have famously made headlines in the past for data breaches that resulted in leaks of user accounts, passwords, and credit card information. Just last year, Reuters reported that a group of Chinese cyberspies hacked eight of the world’s biggest technology service providers. The hacking campaign, known as “Cloud Hopper,” breached the defenses of companies including Hewlett Packard Enterprise, IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology.
A University of Maryland study found that there is a hacker attack happening every 39 seconds. That means by the time you finish this article, at least three people will have had their information stolen. According to a 2020 Verizon report, hacking accounts for over half of all recent data breaches. Phishing and malware topped the list of common hacking techniques, while 43 percent of the breaches involved exploiting vulnerabilities in web applications.
It’s no wonder tech companies — who deal in software, data storage, and computer services — are prime targets.
Even the very innovations tech companies have adopted to make operations easier have heightened the risk of cyberattacks. With the increasing distribution of employees, apps like Slack, Google Drive, and OneDrive make file sharing and collaboration easy in a remote environment. But they also present scary security risks.
“We have a major shift in where people are. Normally, where people are is where the data is,” says Louis Otway, Theorem solutions architect. “Back in the pre-COVID days, they would create a ‘security perimeter’ around the network in that office, which means that the office has a firewall and smart switches and network elements that have a way to control how secure that environment actually was. At home, you are more exposed to common traps than in most office environments.”
Recently, a critical vulnerability was exposed in Slack that would allow remote code execution. As reported by Threatpost, “Attackers could gain full remote control over the Slack desktop app with a successful exploit — and thus access to private channels, conversations, passwords, tokens and keys, and various functions. They could also potentially burrow further into an internal network, depending on the Slack configuration.” Makes you think about what would happen if everyone knew how many videos of dogs on skateboards you Slacked to your co-worker, doesn’t it?
So how do we protect ourselves in the age of cybercrime? Some tech companies have been using a clever approach to cyber protection: hacking themselves. Often referred to as “penetration testers,” companies will hire hackers to expose weaknesses by infiltrating corporate servers or stealing information (on purpose!) As CNBC reports, “IJet and Teslapay hackers $1,000 to $15,000 for finding problems, depending on the severity of the issue. Mastercard pays up to $3,000. In October, the Department of Defense awarded “Hack the Pentagon” contracts to Bugcrowd, Synack, and HackerOne for their crowd-sourced programs.”
Data breaches can be devastating to your operations, reputation — and your bottom line. Cybersecurity Ventures estimates that cybercrime will have cost the world $6 trillion by 2021! That’s too expensive of a risk not to take action.
“You have to really start with an audit and define your profile of potential threats, a threat model, and from the threat model you can talk about different scenarios and that turns into an audit to see how easily those different kinds of scenarios might be able to occur,” says Joe Bossalini, Theorem sales support manager. “It shouldn’t be framed as a question of ‘Do you want to invest in security or not?’ It should be, ‘To what degree are you comfortable with the risk?’”
By hacking your company from the “inside,” you can learn about potential security threats before an “outside” hacker tries to take advantage. It’s a strategy that’s gaining popularity. A November Inc. survey found that 21 percent of high-ranking executives from Inc. 5000 companies said they had hired an external team to break into their own systems as a security measure. Of those who did, 87 percent found it worthwhile.
This era of technology and innovation means it’s more important than ever to be vigilant about security risks.
With a rise in remote work and computer and web-based services, it’s our job as tech companies to care for the data entrusted to us. Take time to review your security plan: Audit your system. Learn your weaknesses. Educate your employees. At Theorem, we can help you create a backup plan for your security plan — including what to do when disaster strikes. Let’s make sure your security systems smell too good for the hackers to get a whiff. Contact us for a free consultation today.