Security Lessons Taken Right From the Hacker’s Playbook
As we hear news about large-scale hacks and data breaches, there’s a temptation to picture attacks like those in television shows and films like Mr. Robot, Live Free or Die Hard and other works of fiction. These attacks are often carried out by criminal geniuses or nefarious nation-states, utilizing of a crippling zero-day vulnerability or superbug to bring society to its knees.
While such stories can make for great entertainment, is this trend toward huge, sophisticated hacks in fiction representative of real life? As it turns out, apparently not.
Penetration company SafeBreach released the second edition of their Hacker’s Playbook, which describes the experience the company’s researchers had as they simulated almost four million methods of data breaches between January and September of 2016. Those that succeeded were analyzed to establish how the hacker entered the system, how they moved about the system, and how they stole data away.
The results were surprising, to say the least. The most successful attacks that were run were those that have been around for years. The old “.exe file in the email attachment” trick was effective in a quarter of all attempts that were tested, and assorted malware-distributing exploit kits and zip files tested to be very effective as well. In short, the vast majority of vulnerabilities came--not from the cinematic doomsday plots of superbug-wielding geniuses--but from the old, tried-and-true issues and user errors. Oftentimes, measures meant to stop malware aren’t configured properly, leaving a system exposed and underprotected.
So what does this mean for your business?
Quite a bit, actually. Reflecting upon such trends, it is essentially guaranteed that a hacker could make off with whatever data they could want. However, businesses can still take preventative measures against this by implementing the proper solutions (like firewalls and spam blocking tools), educating their employees as to the threats that are out there, and properly maintaining their systems.