There are three main types of hackers: ideological (Anonymous is the most notable example); criminal (their motivation is primarily financial gain); and intellectual property (looking to steal data or trade secrets). When it comes to hackers, it’s important to understand their motivation to determine the way to beat them.
The tool of many ideological attacks is a Distributed Denial of Service (DDOS) exploit, where thousands of botnet computers send page requests to your corporate web servers in an attempt to overwhelm their capacity. For an updated list of DDOS attacks, here’s where they are happening all over the globe.
The best defense to a DDOS attack is a corporate intrusion-prevention appliance and carefully watching your firewall logs. Unfortunately, there is no real way to anticipate ideological attacks. Companies must be sensitive to how their business is perceived by the general population, and note if there are natural enemies that could organize a potential attack. As always, PR is a large part of any data security strategy.
Phishing is the primary tool of cyber-criminals looking for a quick score, as they attempt to gain access to personal and business financial accounts that they can drain of funds. The best security practice involves making sure all of your users’ browsers are updated to the latest versions — especially in the cases of Adobe Flash and Acrobat Reader, where many phishing attacks originate.
Many email security gateways also do a reasonable job of trapping phished emails, too. However, having an IT staff that is on top of these techniques and keeps your systems patched is critical in protecting your network from these types of hackers.
Social engineering practice — the ability for hackers to pose as genuine employees and extract information that can be used to compromise your network — is typical in many thefts of intellectual property. In some cases, they are politically motivated, or the result of government-sponsored actors looking for information on customers or employees. Sometimes, all it takes is a smile and a nice suit for many of these individuals to get into your offices or to charm someone on the phone for information.
User education is key to prevent these sorts of attacks. Make data security a company priority and work with your employees regularly to emphasize the importance of constant vigilance. Many employees believe that data security isn’t their responsibility.
What happens if a hacker does get into your system? IPR offers many solutions to protect your company’s most precious data. Call us for a consultation: 877.282.4873