U.S. businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.
“Everyone is at risk,” said Richard Hale, one of the Pentagon’s top cybersecurity officials. “Every business that is hooked to the Internet is vulnerable. It’s like gravity; the threat is all around us.”
But this couldn’t happen to your company, right? According to Shawn Henry, a top FBI cybersecurity official, it probably already has.
“There are a couple of classes of organizations in this world,” Henry said. “There are organizations that have been breached, and there are organizations that don’t know yet that they’ve been breached.”
Thwarting what experts call “advanced, persistent threats” from cyber intruders is now a reality for all CEOs and business owners. The key, experts say, is understanding how systems can be hacked, and the steps to take to prevent it from happening.
How do hackers infiltrate networks?
Dmitri Alperovitch, co-founder of CrowdStrike, a security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information from cyber-espionage threats, says that in some instances, the initial approach is actually physical.
“They may approach you at a conference that you’re at, hand you a USB key perhaps or ask you for a copy of your presentation,” he said. “You’ll hand them your USB key. It’ll come back with a present, a piece of malicious code on it that once you plug into your machine it will cause an infection.”
In other instances, the approach may be an email or an instant message from a trusted source. The hacker disguises themselves as a customer, co-worker or even a family member and asks you to click on a link to see a picture of yourself or to read a document. Once you click on that link, you’ve just given the perpetrator access to your computer.
Once they’ve gained access to your machine, they will use it as a beachhead and begin to navigate laterally from computer to computer until they’ve gained the required credentials to access the entire network.
What can you do to protect yourself from an intrusion?
Hackers can enter your network from any machine, so the first line of defense is to “harden” your computers. This means ensuring that all employees are using strong passwords, changing passwords regularly, ensuring antivirus software is automatically updated on all machines and ensuring the latest version of your operating system’s software is installed.
David Burg, a principal in PwC's Forensic Services practice, says that corporations must have “good security hygiene” and get the “fundamentals of security correct” if they are to keep intruders from hacking into their networks.
End users, or your employees, must be trained and understand the threat and tactics used by hackers to gain access to the network. Clear and concise network usage guidelines should be updated and distributed to employees regularly, ensuring all employees fully understand what they can and cannot do on a company computer. You then must develop the capabilities to monitor employees for compliance with these guidelines.
The second line of defense is to compartmentalize information or provide additional measures or vigilance around your most important or sensitive information. Your company may not have the capability to monitor your entire network effectively, so you may choose to focus your assets on your most sensitive information. Do the electronic communications between your CEO and the executive staff warrant additional monitoring? What about your strategic capabilities or perhaps your information supply chain?
Whatever you decide is your most valued information, a second layer of increased vigilance and a more complex system of defense may be prudent and more cost-effective for your company. But at the end of the day, the best defense against intrusions is disciplined employees who strictly follow network user guidelines.
If you outsource any services to a third party, Hale suggests having a “serious conversation” with that company on how they harden their computers, monitor their network and respond to a breach.
What do you do if you’ve been hacked?
You may have done everything right, but a hacker may still find a way into your network.
Hale said that companies should already have a plan in place.
“You must think through this in advance,” Hale said. “What are you going to do? Who has responsibility for what? How do you notify the police? How do you notify customers? How do you replace critical infrastructure?”
There are so many cyberattacks on corporations that the government simply does not have the capability to pursue every intrusion or monitor every .com domain. So whom do you call if you’ve been hacked? Companies like CrowdStrike or PwC provide services for corporations that have been compromised in order to help them investigate the intrusion, identify who the culprit is, determine what was lost, and assist with securing the network.
Usually the result of the private company’s investigation of a hacking incident will be the initiation of a criminal investigation by local or federal law enforcement agencies.
For more information on how to protect your intellectual property from cybertheft, please visit the following websites:
- Department of Homeland Security: Cyber Security Technical Resources and Incident Reporting
- Federal Bureau of Investigation: Cyber Crime Alerts and Reporting
- United States Computer Emergency Readiness Team: Security Publications, Alerts, and Tips
- National Security Agency Central Security Service: Cyber Security Guide