Hacking shows no signs of scaling down
This year the world has possibly experienced the largest number of large-scale data breaches ever (read more about it here). Many of these breaches—involving government departments as well as private organizations—were a result of hacking by third parties. And going by recent news, it is likely that such breaches and large-scale hacking will become more common.
The economic drivers behind hacking have evolved dramatically over the years. In the past, hacking was done for amusement. Hackers focused on defacement (also known as hacktivism) to embarrass large organizations and their security set-up. They would often blackmail site operators with attacks that brought websites down (a “denial of service” attack), leading to the invention of the network firewall to stop this. However, as companies began digitizing organizational data on a large scale, hackers discovered that such data was worth a lot of money on the black market. Consequently, hacker focus has shifted in the last few years from denying service to stealing data.
There are various tools available today which can help hackers attack thousands of victims in just hours. Varieties of such tools and “ready programs” are available on the darknet (a computer network with restricted access that is used chiefly for illegal peer-to-peer file sharing). Additionally, hacker forums tend to exemplify the spirit of web-based collaboration and education, offering a rich menu of tutorials, advice, and technology designed to steal data.
Unfortunately, many organizations have been unable to keep up with advancements in the hacking ecosystem and remain equipped with old cyber security models designed to keep the ‘hacker-of-the-90s’ out. This needs to change. Organizations need to invest in building a robust preventive framework, which must include the following:
- Data protection – Developing a robust data classification regime that restricts data access to very few employees can be a start. Several large organizations already restrict access to data around financial information, employee information, business plans and client details. Alongside this, organizations can also limit the transfer of data to reduce potential access points for hackers to invade internal systems.
- Subscribing to suitable and up-to-date protection tools which can block links to known malicious sites can prevent access at an enterprise level. Further, encryption must be strongly recommended for all devices accessing organizational networks for data.
- Continuous monitoring of internal controls can help identify potential instances of data leaks or breaches, as well as suspicious activity.
- Focused training programs – Organizations can segregate their employees into different user groups based on the information they are privy to, such as those in the procurement function, finance and accounts staff, customer relationship team, sales team, etc. Depending on the level of information these employees hold, focused training programs must be organized to help them recognize potential hacking scenarios and avoid them. Further, any known instances of hacking attacks can be shared throughout the organization to warn employees. A leading best practice is to have the IT security team share this information along with recommended actions.
In addition to a preventive framework, organizations must also invest in a cyber incident response plan to prevent large-scale hacking. This includes conducting a comprehensive forensic readiness assessment, investigating the potential scale of the incident, assessing the damage caused based on the data that was sought, and having a remediation plan including a root-cause analysis.
As organizations mature, there is bound to be increased reliance on digital platforms to host data. Without the right security measures, these data platforms are likely to invite new age hackers.
You can read more about how technology is affecting the fraud risk landscape here.
Authored by: Jayant Saran, Partner, Deloitte India