Common Misconceptions Surrounding Hacking We’ve Heard in Louisville Kentucky
Since launching our Cyber Security department in 2019, we’ve received a whirlwind of questions surrounding this developing need from the Louisville business owners. While some of these questions involve understanding the motives or methods of hacking, many revolve around the criminals that perpetrate these damaging attacks on businesses. Today we would like to highlight just how complex this issue can be and address the more common misconceptions we hear from both large and small businesses looking to learn more and start engaging in preventative measures to protect against hacking attempts.
“Know your enemy”
So, who are these hidden cybercriminals lurking in the shadows? While they are often labeled as a teenager or overweight man in a hoodie chugging energy drinks in his parent’s basement, that’s just a Hollywood stereotype. In truth, the main perpetrators of hacking attacks are highly educated white-collar criminals, foreign government organizations, and cooperatives formed in less regulated and policed countries whose abilities should not be underestimated. As Jonathan Maberry once wrote, “Know your enemy. The more you know about them, the less easily they can surprise you. And by studying them you might identify a weakness or vulnerability.“
With that said, it’s time to explore some of the common misconceptions about cybercriminals and what you should really be thinking about when building a defense against hacking attempts.
They rush to get in and out of systems.
A decade ago, hackers commonly crashed computers and caused visual disruptions on your machines. This made the user instantly aware that they were experiencing issues or being hacked. These days, perpetrators of cybercrime will penetrate a network without the user ever knowing. Oftentimes, the hacker will spend months, even years, monitoring what you do, who you interact with, and the purpose of those relationships. They even observe and track how you interact with specific individuals. Allowing them to target high-value connections and use that relationship as a cover. Once they’re ready to pounce, they’ll know precisely who to contact and how to communicate their requests without suspicion.
What makes this issue worse is that the technology we all use is elevating their capabilities as well. With modern, more powerful equipment and programs, Hacking is taken to the next level. The intrusion process, monitoring process, and tracking process can be almost completely automated. Allowing for more frequent, persistent hacking attempts that significantly increase their chance of success. This also allows a hacker to remain in a system for longer periods of time, without missing a good opportunity to strike.
Hackers only attack huge companies not a locally owned, small business
When security breaches make the news, it’s typically because a major company or software platform has been attacked. The average business owner isn’t privy to the stories about the neighborhood car dealership or local warehouse/distribution center, with 40 employees, who came into work one morning only to realized that all their files are now locked, and the only way to get them back is to pay 90 bitcoins (approx. $800K) in order to get their financial files and contact lists back. These businesses had two options: Pay the ransom or go out of business.
According to Verizon’s most recent data breach investigation report, more than half of all small businesses suffered a breach within the last year and in 2018, 71% of ransomware attacks were targeted at small businesses.
As we previously mentioned, we are no longer dealing with run-of-the-mill basement hackers. These criminals know exactly what they are doing, how to do it as efficiently as possible, and who can’t fight back. Think about it, if you were in their shoes would you rather hack the multi-million-dollar corporation with a dedicated cybersecurity team and more advanced technologies or the locally owned shop that’s still running Windows 7 and the free version of AVG. With their optimized hacking methods, they don’t need a big fish to cash in a big check. With practically no resistance, they can infiltrate 15 small businesses and collect hundreds of thousands if not millions of untraceable, virtual cash.
Antivirus is enough to prevent a successful hacking attempt
Relying on antivirus alone to protecting your business was fine ten years ago, but attacks have evolved to bypass that kind of protection. Even if you combine your antivirus with malware or spyware platforms it won’t provide the security measures needed to prevent the common hacking methods used against businesses in 2020. Cyber Crime is no exception to Moore’s Law. Humans are opportunistic and this is especially true to those pursuing the latest hacking methods to improve their rate of success.
Businesses of all sizes should be pursuing a layered security approach using user training, endpoint and server protection, system configuration best practices, e-mail filtering, and vulnerability management. This approach includes technologies like EDR solutions (Endpoint Detection and Response) that monitor your network for Advanced Persistent Threats (APT), which often use malware-free hacking techniques and security vulnerabilities to access a network.
The Cost of Cyber Security is Too High
Unfortunately, the cost of being hacked is even higher. With over 60% of hacked businesses closing within six months of experiencing a data breach, it’s something most small businesses can’t afford. That doesn’t mean you should run out and buy every security measure available. Your business is unique, and so are your cybersecurity needs. By understanding your network, system requirements, and vulnerabilities, a good cyber securing plan should be customized to ensure the necessary precautions are met, without draining your resources. That’s what you’re trying to prevent, not cause.
Undertaking Cyber Security to prevent hacking attempts is not an easy path to walk alone, but in 2020 it is a necessary one. By finding the right partners, you can get the right consultation, and avoid being exploited by the fly-by-night, predatory practices that anyone leveraging service industries is susceptible to. That’s one of the reasons we felt the need to expand our business to include these types of offerings. Louisville is a rapidly advancing hub for technology. We want to make sure that our friends and family members in the Louisville community and across Kentucky are protected and able to pursue their business goals and the American dream free from the threats that are growing against them.
When you’re ready to learn more and figure out what your business’s cybersecurity needs are, give us a call or fill out the form on the contact page linked below. By having a conversation with one of our team members you’ll, at a minimum, come away more informed about some of the potential security measures you can put in place to protect your business.
Thanks for taking a moment to read our article, stay safe out there and keep us in mind if you need any help.