Businesses Most at Risk for Internet Hacking
Biggest Threat is Human Error, not Software Error
In the past it had been Trojan Horse viruses that were worrisome—guised, much like the mythical Greek wooden horse—as something they weren’t. But now the sophisticated criminals are finding other ways into the most heavily protected networks, and much like a medieval fortress, it only takes one guard to let the barbarians through the gates.
“It comes down to finding an administrator and socially engineering them to load bad software,” says Alan Paller, Director Research at SANS Institute.
Paller says companies are responding not merely by using better software to protect themselves, but by using better programmers. He says the biggest threat is still one of human error, not software error.
“We’re still seeing that many companies are not testing their programmers. They are testing the software after the fact, but not testing those who write the software.” Pallers says that no company can plug all the vulnerabilities but that better coding is making companies safer. “The defense is making sure the programmers know how to write better code. The smart companies are hiring from colleges that teach secure code.”
DeSot says that the smart companies are also those that realize that being prepared and diligent is far more cost effective in the long run. “It is a hard pill to swallow for many companies, but if you have a breach you have the marketing costs and the good will costs not to mention the actual costs to recover from it.”
The numbers of being diligent show that it is actually just a small part of an annual operating budget.
“It has been said, ‘If you spend more money on coffee than security you deserve to be hacked,’” says Kindervag, “and if you get hacked and lose data you’ll spend more money on legal fees than you would have spent on security. The numbers are staggering.”
Kindeervag says that that even with so many threats there remains a sense of complacency, one he questions.
“We think no one wants to hack me, but when you live in a bad neighborhood you tend to have a bit of paranoia. We need to accept that and realize we all live in a bad neighborhood when we connect to the Internet.”
Watch the premiere of "Code Wars: America's Cyber Threat," Thursday, May 26, at 9pm, 10pm, 12am and 1am ET.