A security breach (often loosely called a “hack”) is an attack on an organization’s network, systems or data by someone whose objective is to harm it or profit from it. Websites and networks are compromised in many ways; one common example is getting malicious software (a virus, Trojan or other malware) onto a machine inside the network. A breach occurs when security policy, procedures or systems are violated or altered without the network administrator’s intent or knowledge. Depending on the nature of the incident, a breach can be anything from a simple low-risk event to a highly critical one.
How do companies discover they’ve been hacked?
In an organization or company, security breaches are typically monitored, identified and mitigated with software or hardware firewalls, an IPS (Intrusion Prevention System), network logging, and many other security products and services. If an intrusion, abnormality or policy violation is detected, a notification goes to the network or security administrator, in a perfect world. Unfortunately that does not happen routinely: the breaches we see today are carefully crafted to avoid easy detection, and in many cases they bypass the warning bells and whistles that would usually go off.
The problem is that many intrusions have been inside an organization’s network for 6 to 18 months before anyone has knowledge or visibility of them. The attacker’s tooling may be waiting, or quietly working in the background, mapping the pathway to the information it wants, and then one day, suddenly and without warning, it does what it was built to do. Breaches can happen at any time, and in some cases the damage is done so subtly that it is hard to see.
So why does someone create and carry out a breach? I like to say there are three main reasons, the A, B, C’s, that motivate an individual (or a group) to breach an organization.
Let’s go backwards. “C” is for Cash. Many of the breaches we have heard about lately, at Target, Home Depot and others, were about getting customers’ credit card and debit card numbers. Cash is the top reason retailers get breached. Other cash motives involve taking a company’s intellectual property. For example, think about someone who learned which new products Apple was planning: they could steal the ideas and bring them to market before Apple, without the time and expense of major research and development. Or maybe someone gets the plans for an unreleased iPhone and is able to make cases for it before anyone else can. Overall, “C” is for someone’s financial gain.
“B” is for bureaucratic. Political and competitive reasons are why someone would take down an organization’s website or wreak havoc on its network. We have seen it with the Syrian Electronic Army and with governments or groups that oppose another organization. This is about hurting an organization they oppose, or seeking to damage its reputation.
Finally, “A” is for asshole. While not very poetic, it simply describes the personality of someone who wants to mess with a person or an organization just because they can, or because they don’t personally like something. All three situations involve “A’s” to some degree, but this group does it purely to cause havoc for personal satisfaction.
Can these network security breaches be stopped?
Many ask why it can’t be stopped. That is the tough part. Technology is ever changing and extremely multi-layered, and seeing everything that happens on an organization’s network is almost impossible. The goal is to be proactive and stop breaches before they happen, but the bad guys keep finding new ways in. When the point of entry or the exploit is new and unknown, the guardian software has never seen it and is not looking for it, so defenses that only match known patterns cannot stop it.
One way organizations try to be proactive is by looking at how information, applications, users, software, hardware and so on normally behave within the network, and asking whether those patterns, the things that usually happen or are allowed to happen, suddenly change on their own.
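As an added illustration of that idea (this is example code written for this post, not a product or tool the post describes, and not the author’s own code), the script below builds a per-user baseline from a quiet window of proxy-style log lines and then flags later records that break the pattern: a destination the user has never talked to, a volume spike well above the user’s usual day, or a principal with no history at all. The log format, the users and hosts, the dates and the 5x volume ratio are all constructed assumptions for the example; a real deployment would tune the window and thresholds to its own traffic.

```python
"""Behavioural baselining over proxy-style log lines (added example, not
from the original post). Builds a per-user profile of normal destinations
and outbound volume, then flags later records that deviate from it."""
import statistics
from collections import defaultdict
from datetime import date

# Constructed sample lines (assumed format): ISO date, user, destination, bytes sent.
SAMPLE_LOGS = """\
2014-09-01 alice crm.example.internal 120000
2014-09-02 alice crm.example.internal 115000
2014-09-03 alice crm.example.internal 130000
2014-09-04 alice crm.example.internal 125000
2014-09-05 alice mail.example.internal 118000
2014-09-06 alice crm.example.internal 122000
2014-09-07 alice crm.example.internal 128000
2014-09-01 bob crm.example.internal 50000
2014-09-02 bob crm.example.internal 52000
2014-09-03 bob crm.example.internal 48000
2014-09-04 bob crm.example.internal 51000
2014-09-05 bob crm.example.internal 49000
2014-09-09 alice crm.example.internal 118000
2014-09-10 alice files.dropzone.example 9500000
2014-09-10 bob crm.example.internal 60000
2014-09-11 bob updates.vendor.example 40000
2014-09-11 svc-backup backup.example.internal 3000000
"""

VOLUME_RATIO = 5  # assumed threshold: flag bytes above 5x the user's median record


def parse_logs(text):
    """Turn whitespace-separated lines into (date, user, host, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, user, host, nbytes = line.split()
        records.append((date.fromisoformat(day), user, host, int(nbytes)))
    return records


def build_baseline(records, baseline_end_iso):
    """Per-user profile from records dated on or before baseline_end_iso:
    the set of destinations seen and the median bytes per record."""
    cutoff = date.fromisoformat(baseline_end_iso)
    hosts = defaultdict(set)
    volumes = defaultdict(list)
    for day, user, host, nbytes in records:
        if day <= cutoff:
            hosts[user].add(host)
            volumes[user].append(nbytes)
    return {u: {"hosts": hosts[u], "median": statistics.median(volumes[u])}
            for u in volumes}


def detect(records, baseline_end_iso):
    """Return findings (date, user, host, reasons) for records after the
    baseline window that deviate from that user's profile."""
    cutoff = date.fromisoformat(baseline_end_iso)
    profile = build_baseline(records, baseline_end_iso)
    findings = []
    for day, user, host, nbytes in records:
        if day <= cutoff:
            continue
        reasons = []
        if user not in profile:
            # No history to compare against: a new account, a service
            # identity or an attacker-created user. Worth a look either way.
            reasons.append("no_baseline")
        else:
            if host not in profile[user]["hosts"]:
                reasons.append("new_destination")
            if nbytes > VOLUME_RATIO * profile[user]["median"]:
                reasons.append("volume_spike")
        if reasons:
            findings.append((day.isoformat(), user, host, reasons))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_logs(SAMPLE_LOGS), "2014-09-07"):
        print(finding)
```

On the sample data, alice’s 9.5 MB push to a never-seen host trips both the destination and volume checks, bob’s small transfer to a vendor host trips only the destination check, and the service account with no baseline is reported as such. The two single-reason findings are the kind of low-confidence signal that drowns analysts if every one pages someone, so in practice you would rank by how many checks fire and how far the volume sits above the median rather than treating each line as an alert.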
In the next blog, let’s visit what a network commonly looks like and what IT managers in organizations have to deal with on a day-to-day basis.