Over the last decade, I have seen computer hacking evolve from being a competitive sport to becoming a destructive arm of organized crime. The magazine, Wired, recently highlighted several high profile hacking cases where identity theft or impersonation played key roles. Once the domain of the stereotypical “lone geek,” more recent security breaches can be attributed to an older generation of international hackers who offer their skills to the highest bidder. These mercenaries no longer target individuals or small organizations. Instead, their prime targets are companies that have the highest potential for loot, with payment processing companies and banks at the top of their hit list.
For every high profile breach that hits the news, there are several that go undetected. This game of chess between the attackers (black hats) and the security experts (white hats) has been going on for years. The tools both sides use to attack and defend have become much more advanced, but the most common are still SQL injection and DNS redirection. Sometimes the white hats come out on top by removing any holes for the black hats to exploit. In these situations, black hats will use brute force to take down servers by hijacking legitimate users computers.
Like the ever-multiplying Agent Smith in the final Matrix sequel, growing numbers of ordinary computers in an organization can increase the possibility of a successful security breach even in the most secure server environments. These botnets, as they are called, can number in the thousands and the owners of these infected computers are completely unaware of their role in the electronic warfare being waged against their company. Black hats spend weeks or months amassing large botnets by setting up malware traps on high traffic web where hosted content is not adequately protected.
Practicing safe and common sense web surfing is the best way to avoid letting your computer become a zombie drone. Maintaining up to date security software is of the utmost importance. Unfortunately, common sense security practices are not so common. For example, using the same password to access both confidential and non-confidential information drastically increases your risk of being hacked. Another common mistake is throwing away your old hard drive when it fails or when upgrading to a new one.
The last example is a poor security choice for several reasons. When a drive is thrown away or sold, the data can be recovered and read by someone other than the original owner, even on a failed drive. This is an enormous security hole that can come back to haunt you. Many companies eliminate this risk by using industrial shredders to physically destroy unwanted drives.
Instead of destroying these drives, choosing to keep them can provide you with additional backup in case your regimented backup schedule fails in some way while simultaneously increasing data security at a relatively low cost.
While regular computer users have a lower threat of being hacked, they are very susceptible to identity theft and there is no easier way for your personal data to be obtained than from your old hard drive purchased on eBay or found in a recycle bin.
Although 100%, hack-free security isn’t possible, taking just the suggestions mentioned above will greatly reduce both you and your companies risk of very costly and highly damaging security breaches.