There are six big hacking threats facing IT today, and I’m sorry to tell you that the hackers are winning. In just the past month, the world’s biggest bourse operator by market value, Hong Kong Exchanges & Clearing Ltd., suspended trading after its website was hacked; the Bay Area Rapid Transit (BART) system was hacked, exposing customer and employee data; and Nokia’s developer forum was hacked, compromising user e-mails and other personal info.
Those are the hacks we know about. There are likely hundreds more that went undetected and unreported. The simple fact is that no organization is safe—even the security technology vendors. A user at RSA opened what appeared to be a spreadsheet attached to an e-mail, touching off an intrusion that compromised an RSA security technology used widely by the US government and Fortune 500 companies.
In an ironic twist, even the Wikileaks website, infamous for posting corporate and classified information, was hacked, resulting in the public release of secret diplomatic sources. If that’s not sensitive data, I don’t know what is.
Hackers are a problem for nearly all organizations, because most still rely on traditional perimeter security—VPNs, firewalls, IDSes, IPSes—things that protect the network’s borders. These approaches were once all you needed to prevent most attacks. But perimeter solutions aren’t holding up anymore. Hackers are getting past them with ease. Easy to use hacking tools are readily available, allowing anyone with a PC and a motive to penetrate networks. If you can spell, you can use these tools to compromise a network. And once you’re in, you often have access to everything.
To stay ahead of the hackers, we have to move beyond securing network perimeters and physical devices to securing data. Even the hackers are telling us to do this. A recently jailed hacker criticized organizations for not using encryption software. Indeed, encryption is one of the most important keys to neutralizing the hacker problem. But even encrypted data can leak, as we learned when the RSA hack led to an attack on its customer, Lockheed Martin.
An extra step is needed. For example, the Unisys Stealth Solution takes the extra step to make the encrypted data invisible. And today we announced the Unisys Stealth Solution for Secure Virtual Terminal (SSVT), which integrates our Stealth technology on a Federal government-certified USB device to allow teleworkers and other mobile users to safely share enterprise networks from any location.
If you want to learn how to evade hackers, step one is to get an education on hacking techniques and the failures of the existing perimeter and device security model. Step two is to then introduce the correct technology. With that in mind, I’d like to spend a words covering the six biggest hacker threats facing IT today, and how you can protect your organization.
The top six threats are primarily about the theft of information, but each can have devastating financial, legal, and public relations consequences for organizations that are exploited:
In my next post, I will walk you through each one of these threats. I will explain why they are a threat, how hackers pull off these exploits, why the current IT security model fails, and how you can change the dynamic to protect your organization’s information assets—including the role that Unisys Stealth and the Unisys SSVT device can play.