The news is full of data breaches, cyber crimes and hackers. What is hacking? And who are these hackers who hog the headlines? In this post, we look at who is actually posing a risk to your data, the ways in which hackers infiltrate your system and what they want from the information they find.
Who are hackers?
Computer hackers can usuallybe categorised in one of two ways: white hat hackers and black hat hackers. White hat hackers are those who hack as a way to improve organisational security. For example, if you own a large corporation you can hire a white hat hacker to look for holes in your security systems that might provide a way to be compromised. Think of white hat hackers as the good guys.
Black hat hackers, on the other hand, look for system vulnerabilities to exploit for their own gain. They are usually acting illegally, and looking for information they can either sell to other hackers, use to steal funds or to ransom back to the original owners. These are the villains in our story, and are very efficient. Your systems can often be hacked without you even noticing that there has been an intrusion.
How do hackers hack?
Most hacks fit into one of the four following descriptions: script kiddies, vulnerability exploiters, system breachers and nation-state attacks. You can see each description in full below:
- Script Kiddies: This is a somewhat derogatory term for new or young hackers. Script Kiddies don’t usually have many skills of their own, but instead, run scripts written by others to exploit vulnerabilities. These scripts can be found or purchased online by anyone who is interested in creating varying levels of chaos online.
- Vulnerability Exploiters: Hackers who search out vulnerabilities and create scripts to exploit them. These hackers have considerable skill, and look for flaws in software and applications to find a user’s personal information.
- Complete System Breachers: The most dangerous of hackers who typically only target large-scale, high-profit organisations. These are the Ashley Madison or Yahoo! hackers who look for large paydays from ransoming information back to the original owners. Most website owners should fear these large-scale attacks.
- Nation-State Attackers: This category is for massive scale attacks executed by foreign governments. These hacks are typically carried out attempt to obtain sensitive information or tamper with established policy. Notable Nation-State attacks include espionage, sabotage, voter tampering, propaganda and economic disruption. Recent attacks have included North Korean, Chinese and Russian nation-state attacks. Nation-state attacks can also occur on their own citizens, as we saw in the Snowden revelations. Typically, these types of attacks occur to create chaos as seen in the WannaCry ransomware attacks.
Basic Security Protection
The great thing about hackers is that they do their best to make their work easy. This means that they typically only hack easy targets. Basic security protections can usually ward off most potential hacks. This is simply because hacking a more secure system is a lot of effort for little reward.
One basic security precaution is to keep your software and systems up to date. Set alerts to notify you when you need to update an aspect of your website, and complete updates as soon as possible. Use unique passwords and regularly update them. Never share passwords for multiple accounts, and make passwords as long as the system will allow. Stay away from usernames like “Admin” or “Guest,” and ensure that every user has their own login information.
There are additional tools you can add to your system to tighten security measures. Installing an SSL Certificate protects data as it passes from one point to another by encrypting your data. Firewalls can protect against intrusion by monitoring all incoming and outgoing network traffic. Server monitoring systems can alert you if your system is compromised. Additional protection enables you to act fast and secure the entry point. However, the best protection is an understanding of your systems and the weakest entry points. By knowing how hackers find access to secure data, you can better ward off attacks.
For additional data protection, be sure to take a look at our Sitelock tool. Sitelock protects your data and checks for any previous intrusions. You can scan up to 2500 pages, including SQL injection and website application scans. Simply add the Sitelock tool to your CHI account for daily website monitoring and automatic malware removal.