The (new) Hacker, the Dark Web and YOU!
Access to data drives our lives – both our personal lives and our business lives. This access is amazing and is allowing us to do things that were never before possible. It’s exciting and incredible … and unfortunately, it’s dangerous. We are up against a faceless enemy who grows more devious, more cunning and more dangerous every day
Paradigm Shift #1 – The “hacker” has evolved
Stop for a moment and picture a hacker … what do they look like … what do their surroundings look like … what are they wearing … what do their peers look like …?
Based on recent movies and popular characters on TV, most people visualize a “hacker” as a young adult, wearing a hoodie, riding a bike or hanging out in their parent’s basement. This hacker is viewed as a loner or part of a small group of similar characters. These young adults appear to be clever but misguided and searching for something …
WRONG! This might have been an accurate characterization 10 years ago, but it is not accurate today … not by a long shot. Today’s hackers are professionals. They are well funded and are the brightest of the brightest. They are heavily recruited. They drive to office parks. They use the most advanced technologies available - very expensive, state-of-the-art equipment with an endless supply of internet bandwidth, software/hardware and other necessary resources.
These groups are organized. They meet and have collaborative strategy sessions. They have plans and budgets … they are diligent and tenacious. They are super smart and driven. And they want our money and resources.
We need to respect this new, faceless enemy!
When we don’t respect this enemy, we don’t give cybersecurity the respect it needs either. We need long and strong passwords. We need 2-factor authentication. We need firewalls and intrusion detection systems and security training. We need to be as prepared and diligent as our faceless enemy.
Paradigm Shift #2 – Breaches are unseen, hidden and more dangerous
What if your computer, your business network or your cell phone was compromised 4 months ago … and you did not know that it had been compromised? What if a hacker had been recording information from your phone for the last 120 days? Would they have any valuable information – financial/banking information, credit card information, personal information, … ?
This is a BIG, scary change in the cyber environment. Prior to this, hackers would loudly brag about their successes. They would let everyone know that they had hacked you or your business. They would bang on their chest and tell the world how smart they were … how clever they were … and how dumb you were. They would then demand money or bit coin in exchange for your information.
But today’s cyber-criminal is different. They have discovered that it is much more profitable to stay hidden – to compromise a system, stay hidden and collect as much information from that system as possible. Recent research shows that most breaches happen 200+ days before the breach is ever discovered … meaning that the hacker has collected information flowing through that system for 7 months … and this is scary.
Are you 100% certain that your system is not currently compromised?
Unfortunately, firewalls, antivirus programs and anti-malware programs do not protect you if your system is already compromised. What if one of your staff attended a trade show a month ago, grabbed a USB drive at the show, walked it in through your front door and plugged it into their work PC? What if this USB drive was host to a virus that is now on your network – behind your firewall? This is a problem.
An intrusion detection system (IDS) will identify this virus and will allow your IT team to find and remove it, but most US businesses do not yet have intrusion detection systems. It is important to understand that these IDS systems were not necessary 5 years ago. The landscape has changed … and we need to change with it!
Paradigm Shift #3 – The “dark web” is the hacker’s marketplace
The Dark Web has become a profitable marketplace for the cyber-hacker community. It has evolved into a very profitable resource for cyber-criminals to sell and purchase stolen information. Without an active and effective place to sell this stolen information, cybercriminals would need to rely only on Ransomware to generate revenues for their Cyber Empires. Ransomware is effective and has been a solid revenue source for these entities, but the Dark Web has exploded and greatly multiplied the sources of revenues for organized cybercrime.
Stolen credit card information, financial information, personal information … banking numbers, client lists, proprietary information, chemical formulas, proformas for emerging business entities … the list goes on and on. Without buyers and a platform for these transactions, this information would have limited value … but the Dark Web has evolved into a buyer’s marketplace – effective and active.
Do you have information being sold on the Dark Web today?
You should know if any of your important data is for sale on the Dark Web. There are services and companies that can scan the Dark Web to see if any of your data is there … and if so, they can help you take the necessary steps to prevent this information from harming your business.
There is a lot of “noise” right now about the importance of Cyber Security. Because of this “noise”, many people and business owners have tuned-out and are not taking the appropriate action to keep themselves, their businesses and their employees safe. We need to change this.
The enemy is real. They are smart and well-funded. If you have access to $1,000 or $10,000,000 you are a target. We need to be diligent. We need to be well trained. Successful hacks and breaches are the funding source for more attacks.
We all have a responsibility to stop these attacks from happening!