Hacking tends to be glamorized in movies and shows. You’ll see a mysterious individual hidden away in a secured room, rapidly typing as they read through endless screens of code and battle security systems in real time. The end goal is to break into a high-profile target’s system and get away with valuable data.
In real life, hacking is much more mundane.
For starters, it’s often a long game, with hackers placing malware and looking for exploits over a period of time. Believe it or not, they sometimes carry their work out in public. As for their targets, they’re often small, unsuspecting businesses. There are far too many real-life hacking examples to contain in a single post.
Today, we’ll focus on three ordinary hacking situations that can happen to just about any business.
While most movies and shows greatly exaggerate how hacking works, there are rare exceptions. Mr. Robot is famously one of these. In one episode, the main character uses a coffee shop’s network to hack into another device on that network. From there, he can do just about anything he wants.
The same is often true in real life. If your device is connected to a public network, it can be exposed to hackers.
Let’s say an employee takes their computer into a coffee shop. They might not even access any important work materials while they are there. However, a hacker could still potentially install malware or create some sort of backdoor on the device. When that worker then takes the device and connects to their work network later on, the hacker could use this exploit to then enter the company’s system.
Internet of Things
There are more devices connected to networks than ever. Not only do we have computers, phones, and printers, but we even have lightbulbs and HVAC systems using internet networks. This creates what’s known as the Internet of Things (IoT). Though the IoT provides a lot of convenience, it also leaves a lot of available exploits.
For example, it’s generally believed that the great Target hack of 2013 involved their POS systems. In that instance, hackers used the company network to get into the POS devices. However, the opposite can work as well.
Let’s say you have a smart fridge that integrates with your network, as well as personal accounts such as email. Though these accounts and networks have strong protections in place, the fridge might not. If the hacker can break into the fridge, they can use that as a bridge to access more sensitive information.
This is because your accounts, as well as your network, see the fridge as a trusted device. The fridge ultimately serves as a Trojan horse. If this sounds far-fetched, it’s not. A security firm discovered this exact type of exploit in a popular Samsung fridge.
Social engineering can take a lot of forms. Essentially, it is a process of tricking a person at a company into thinking you are someone that you aren’t.
Here’s a hypothetical situation.
Let’s say you have a vendor you work with called InternetGuard. A hacker might purchase the domain “lnternetGuard.com”. Though that domain might look legit, the first letter is actually a lowercase “L” rather than a capital “i”. Of course, you won’t notice that when you receive an email from them. To further fool you, they’ll likely do a little research beforehand, learning the names of your boss and/or coworkers. They may even learn some information about you personally.
They will then leverage this info to fool you into thinking that they’re legitimate. If they can do that, they can trick you into clicking a link to a fake sign-in portal or downloading a malicious file.
Protecting Against Today’s Cyberthreats
No matter what size your business is or what industry you operate in, you need to be prepared for today’s threats. As a leading provider of information technology services in Dayton, Ohio and across the US, we understand how serious cyberthreats are for today’s businesses.
We’re partnering with Technology First to provide a training session entitled “Cybersecurity – A Risk Based Approach”. This will be presented by our very own CEO Marcus Thompson. Marcus has been in the IT consulting and service delivery industry for over 20 years. During that time, he has held technical positions at technology and professional services organizations. Marcus is also highly certified and most recently achieved the (ISC)² CISSP and HCISPP certifications, the ISACA CRISC certification, and the Cybersecurity Analyst+ and Security Analytics Professional certifications from CompTIA.
In “Cybersecurity – A Risk Based Approach,” Marcus will be reviewing real-life examples of cybersecurity incidents and their effects on the business. He’ll also cover how to approach cybersecurity at the business level to make risk-based decisions around cybersecurity.
During this session, you’ll learn about key planning steps and documentation needed to determine risk, prioritize response, and justify expense.
CyberSecurity – A Risk Based Approach with Technology First
Time: Wed, Sep 29, 2021 12:00 – 1:00