A Brief History of Apple Hacking
The term ‘ethical hacking’ may seem like something of an oxymoron, but it is a precaution that should be of interest to almost all businesses.
Sometimes known as ‘penetration testing’ (although the two differ in some definitions), it involves a company-authorised attack on its own websites and systems to see how robust defences are.
This may seem like a rather obscure worry, particularly for cash-strapped start-ups with many other expenses to cover, but it should be necessary for almost any business entity, no matter its level of online participation, according to an IT security expert.
This is because any business could be a victim of some form of hacking. A 2013 study by Pierre Audoin Consultants on behalf of the UK government’s Department for Business Innovation and Skills (BIS) reported that: “The 2013 Information Security Breaches Survey has shown that 87% of small businesses across all sectors experienced a breach within the last year. This represents an increase of over 10% from 2012.”
Ilia Kolochenko, chief executive officer (CEO) of High-Tech Bridge, a provider of cyber-security products, has found anecdotal evidence of similar hikes in activity through his business practices.
For example, a consulting firm in Geneva had a typical small ‘who we are’ website listing the company’s services, other general information and some basic advice. It contained no customer data and was well designed and secured, so the company decided hacking was unlikely to happen or achieve anything if it did, says Kolochenko.
But a hacker created a ‘look-a-like’ URL of the company’s page and emailed one of the company employees pretending to be a customer wanting clarification on an article. When the employee clicked through, the page wouldn’t open, but a virus was unintentionally allowed in. This enabled the hacker to access computer data, and the mistake was only realised when the employee attempted to call the customer to clarify.
“No one realised something went wrong before all the data was stolen,” says Kolochenko. “The hackers didn’t care about the SME itself but were targeting confidential documents. If the employee hadn’t called the customer and been told they had no idea what he was talking about, the breach could have remained undetected for quite some time.”
But some SMEs may argue that they have absolutely no internet presence and are thus safe from malicious attacks. This is, unfortunately, not the case, Kolochenko replies.
In another example, a company advising high net-worth individuals on investments was targeted. The company had no website – having no need to publicise services and relying on word of mouth for business. But a partner in charge of customer information subscribed to various financial industry websites and publications using a variation of his work email log-in details. Hackers targeted the easier-to-hack third-party websites, extrapolated his email log-in details and gained access to sensitive financial data.
And with larger corporations increasing cyber security measures, these kinds of tactics are becoming more common as hackers search for the weakest link in a data chain. As more firms gain awareness of these kinds of tactics, they will start to scrutinise their supply chains and do business with companies that have the correct security protocols in place, Kolochenko adds.
But most forms of ethical hacking or penetration testing are out of the price range of small and medium-sized enterprises (SMEs), much less most start-ups. This puts them at a disadvantage when testing the robustness of security systems and protocols.
In order to attempt to counter this, Kolochenko’s company has developed a new testing service called ImmuniWeb that combines automatic scanning and attack systems with a degree of manual testing. The product comes with four different price points, offering increasing amounts of manual testing as the price goes up.
This means that almost all businesses should be able to afford a level of security testing. And as worries about hacking increase, it could be that having some proof of system security becomes a requirement before a business deal is agreed.