BreachExchange mailing list archives

Why Hackers Go After All Your Info, Not Just the Important Stuff

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 26 May 2015 19:59:21 -0600

http://finance.yahoo.com/news/why-hackers-not-just-important-223000006.html

Fellow entrepreneurs often ask me if going through a comprehensive security
audit is necessary for them, considering that theirs are relatively small,
young organizations. Their argument for not conducting such an audit is
that hackers will find nothing there of interest. Most information they
hold in their emails, or in their online profiles on sites like LinkedIn or
Twitter, is pretty benign, these entrepreneurs say.

I get it. The logical belief is that while it may be just as easy -- or
easier -- for hackers to go after smaller, less sophisticated outlets,
there’s nothing of value that they'll find there. Sensitive information,
like bank statements, tax returns, company contacts and employee payroll
information, is securely stored by the companies' service providers.

The risk of damages from an attack, if it occurs, is surely minimal.

I disagree. The reality is that all your information is important to
someone who can quickly piece together what you see as relatively
innocuous. Hackers can then turn this information into something that could
do significant harm to you and your company.

We saw this not too long ago when Russian hackers infiltrated the Pentagon
email servers. Federal officials quickly noted that none of the agency's
secure servers had been penetrated; but the information obtained, while
unclassified, still offered valuable insights to the enemy. What's more,
the Defense Department spent significant time and money shoring up its
security system's vulnerability and analyzing the threat.

Let’s take an example closer to home and apply it to our business world.
Say you’re heading out on a trip someplace you’ve visited several times
before with family. Certain hotels, restaurants and attractions have become
regular stops for you. Many of us (myself included) will want to tell our
beloved Facebook friends about it. And, yes -- though this is a “full-on”
vacation -- you, like the rest of us, will still stay a bit connected to
work because that’s what entrepreneurs do.

This is all fine but should be done with the understanding that almost
anyone else will be able to see that information as well. Something north
of 1.2 billion active monthly members, 750 million daily users and 945
million mobile users are on social media platforms. So, when you tell your
friends where, when and how you are going to your “favorite vacation spot”
yet again, that information can be the perfect opportunity for
sophisticated networks to uncover patterns in your activities. Those
patterns may prove beneficial to parties aiming to spot vulnerable access
points where you connect with your laptop to "check in" on things.

Once hackers gain access to your device at those outlets, they will
undoubtedly see your conversations with employees, customers and strategic
partners. While those conversations may not be of national security
importance, they will provide insight into the activities of other
individuals in your network, ones who actually do hold secure data.

The point of the illustration is this: Hackers love to obtain all kinds of
information, even unclassified data. So, let’s not forget who the enemy is.
Contrary to stereotypes, hackers do not live in their mothers' basements
staring at a homemade computer all day because they have nothing else to do.

Rather, they have the means to capture a seemingly infinite amount of data
in short order and are part of sophisticated, organized global syndicates
that are well financed, expertly trained and bent on disrupting -- if not
taking down -- governments and corporations around the world.

Given that fact, you might want to reconsider your assumption that your
company is "too small" for its information to be of interest to outsiders.
Because you may be wrong.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss