The Problem of Hackers is at an All-Time High Both Internal and External in Today’s Organizations
From the famed mask of V for Vendetta to the hooded figure in Mr.Robot, Hollywood portrays hackers as scary anonymous figures.
The media has led many to believe that their only serious online threat is a man in a poorly lit room wearing a hood and a mask. But the harsh reality is only one-quarter of breaches can be linked to cybercriminals. That means 75% of online breaches are from other sources, and surprisingly, some very close to home.
The Internal Hacker
While hacks can come from unidentified cybercriminals, feeding into the anonymous stereotype, the majority of hacks are actually from familiar sources. In the 2016 Cyber Security Intelligence Index, IBM discovered that of the cyber attacks carried out in 2016, 60% were inside jobs.
Many companies are ignorant to the possibility that the loss of private information is the responsibility of one of their own employees. Although many employers would like to trust their workers, the reality is that many would sell private company information for a personal profit.
A study conducted by Clearswift stated that approximately 35% of workers would steal and sell private company data. The results from this study highlight the risks associated with trusting employees with highly sensitive information.
Certainly there are employees with bad intentions; however, sometimes a breach can be caused by naivety. Private data can be exposed simply by an employee clicking on a phishing link or responding to an email from someone posing as a known party.
Although unintentional, this is a common mistake an employee can make that immediately grants access to a hacker. The problem of inadvertent employee-related breaches is often directly related to lax security practices, inadequate guidelines and requirements around protecting company and client documents and data, and lack of proper training of employees in online security and company protocols.
The External Hacker
As mentioned before, the stereotype of a cybercriminal using cryptic messages and distorted voices that Hollywood portrays is far from reality.
In fact, cyber attacks are rarely sophisticated. They only seem that way when you compare them to uninformed employees and basic security systems.
The external hacker is often someone who has used readily available online tutorials and purchased easily accessible tools to teach themselves how to hack computer systems and passwords.
One of the leading ways in which these hackers are targeting companies is through ransomware, which disables a computer and effectively holds the user’s files and data “hostage” for a ransom.
A fee is demanded to release the computer and, in some cases, the user pays the ransom and still never regains the use of the computer. Hackers often gain entry through phishing, malware or other methods that “trick” employees into providing unintended access. They are able to download the software necessary to take control of an employee’s computer, or a company’s entire computer system.
Until companies prioritize protections against hackers – including products that replace the problematic password system, rigorous training for employees and accountability for following security protocols – there will continue to be costly breaches, loss of productivity and loss of clients and reputation.
The probability of a company being hacked is at an all-time high and the threats are coming from a multitude of sources, including those inside a company’s workforce. Companies need to recognize that hackers are everywhere and take adequate steps to protect themselves from any type of unauthorized intrusion.