“9% of breaches are ever found – out of that 1/9 with monitoring and 8/9 by pure luck.”[1] This was a statement tweeted by Sami Laiho on October 17, 2016. Sami is a Microsoft MVP and a leading expert on Windows security. It is a compelling statement, one which implies that if you haven’t already been hacked, it’s only a matter of time before you are, and you may never know!
Hackers operate for many different reasons, often for the challenge it presents and not always to steal your data. Some hackers will simply plant malware on your website that infects anyone visiting it; this may cause minimal or no impact to your business. Others, however, intend to inflict pain on a business and will release viruses or ransomware into its network. Their motivation is usually financial gain or organised criminal activity, and such an attack could cripple a business.
Hackers motivated to cause disruption for political gain or to conduct espionage are impossible to stop; their method is to execute an aggressive attack on servers. As these hackers are often state sponsored (as in the case of the US election hackings), they are well resourced and financed.
Businesses are most likely to fall victim to the “low hanging fruit hack”. This is where automated programs (bots) continually look for weaknesses in security, such as servers and firewalls that are not properly maintained or updated, viruses that have not been removed, or untrained staff who fail to follow security protocols. Only when the bots detect a weakness does a real person get involved in the hack, to investigate the opportunity and find an opening to plant viruses or malware.
Early in 2016, news broke of a medical centre in Los Angeles that was being held to ransom, reportedly for the sum of $3.6 million USD to decrypt its systems, including all of the hospital’s patient files. In this case the hackers found an opening and tunnelled into the system, where they found a number of vulnerable points and released a CryptoLocker virus (a form of ransomware in which all of the computer’s files are locked and the hackers demand a ransom to unlock them). Once the virus was released into the system, the hackers shut the system down internally so that the hospital’s IT consultants could no longer access it. The attack destroyed the backups and the current data.[2]
With bots continually trawling for low hanging fruit targets, it’s inevitable that businesses will be hacked at some point if they haven’t been already. Businesses need to protect themselves from the possibility of lengthy interruptions, or the worst case scenario of a complete loss of data, by having at a minimum functioning, regularly tested offsite backups and preferably a complete disaster recovery plan.
At the very minimum you need offsite backups stored in a location not attached to your business, usually in a cloud environment or at an alternative site. If a hacker succeeds in gaining access to your server, they are likely to lock or destroy your local backups first and then follow the path to your offsite backup. This activity should raise alarms with your monitoring software, and it also gives you another layer of protection, as the attacker would then need to compromise your hosting or managed services provider as well. A complete disaster recovery plan is yet another layer of protection for your data, as it can be structured so that the offsite backup is in a location that your server cannot see.
Any business that relies on its data needs to ensure that it has a tried and tested solution for recovering that data. The worst is coming…
1. Link to Sami Laiho’s Twitter: http://tinyurl.com/jmygy9n
2. Link to an LA medical centre CryptoLocker story: http://tinyurl.com/hgx2day