Why organisations get hacked?
By Prempal Singh
Being a security consultant and alternatives architect helping clients in the EMEA region design and implement security strategies to protect critical network infrastructures. A trivial question it might seem to be but deeply started in the fact that we as humans are often the weakest website link in complex cyber security systems and do make errors.
There are 7 reasons why companies get hacked which is based on the experience working with clients in several sectors including banking, healthcare, insurance, oil & gas, etc.
1. Humans are the weakest link:
Human is programmed to make mistakes. That’s how we learn. That’s the way we have evolved biologically. Even with a team of experts they still manage to impact lots of rockets before docking successfully to the ISS.
The same should go for cyber security. Faults will be made, not if, but when. Whenever that happens a striking window opens. A hacker may strike within that gap. Even in the most tightly handled sites, humans make mistakes. This really is inevitable so the best defense is to apply robust security measures, but also plan and make for fast remediation.
2. Cybersecurity technology is very strong but expertise is weak:
With all the stories we hear in the reports about several small and large organizations being hacked a naive question may be asked as to the reasons firms can’t just buy the most secure and advanced solution and be done with security. Everything is not so simple.
To get one, security systems designed, applied, and managed by humans. As long as that remains the case a flaw may always look in the chain. Furthermore, cyber security technology is extremely strong and are not short of amazing technology.
3. Hackers have the edge:
Hackers do what they do just for fun, for money, for government and professional espionage, for political reasons, etc. They simply have to find one flaw in a process whereby security administrators must patch and protect against for all those flaws – whether technological or sociological. That is not a level battle!
What really matters is how fast an organization can react to security defects, patch holes, learn, react, train, and continue to strengthen security measures and on-going processes against internet attacks.
4. Cybercrime pays more:
Cyber criminals are moving to the digital ‘battlefield’. It makes sense since cyber crime is apparently clear, less risky, and the chance of being captured seems remote.
One can look at the recent cyber attacks at several banks that exploited the Swift banking system with several millions of us dollars at risk about what appears to be the greatest cyber theft attempt ever. Online crime is seamless, it’s cyber, and it’s often untraceable. Not any wonder why this has become more and more a safer alternative for traditional criminals.
5. Humans do fall sleep in the cyber battlefield:
Security administrators can fall asleep in the ‘cyber battlefield’. When that happens hackers may hit. Unless processes are placed in the destination to constantly review security systems, improve products, learn from failures, and keep managers and staff trained, the cyber security defenses in any organization will stay weak against Advanced Persistent Threats (APT).
6. Technology as whole moves very fast. The pace is relentless:
With technology moving at lighting acceleration it is not unexpected that humans can’t keep up with cyber disorders. Perhaps we should let the ‘machines’ with AI take over cyber security administration and let them enforce security and take humans out of the equation.
A little extreme of course, but not impractical. For one, machines can follow rules flawlessly and keep plan the speed of cyber attacks as well as adapt much quickly than humans can. They won’t get to sleep in the cyber battlefield and may prove to be less sloppy than humans at maintaining security specifications and processes. But that is still a good way before ‘Skynet’ can automatically defend organizations against hackers without the human’s involvement.
7. In cyberspace you only know what you know:
The challenge of the internet is the ghost-like transactions that happen faster than humans can deal with. What is absolutely occurring in your network may be a mystery. Although, with security analytics really know what you have to know is good. Know what an individual know is better.
Source: www.icyber-security.com