It has been said that state-run hacking is how World War III will be waged.  In the present time, hundreds of millions of records of private data have been stolen from corporations large and small who thought they were protected.  This affects all levels of an organization, and particularly our clients and consumers.  So, what do we do?

Hacker: a person who looks for and exploits weaknesses in a network or operating system.

First of all, we must understand cybercrime.  According to Wikipedia, “a hacker is someone who seeks and exploits weaknesses in a computer system or computer network”.  A hacker might be intentionally trying to access information for personal monetary gain or to damage a system because he/she doesn´t like the company.  Others do it for the thrill and pride of being able to access systems that have been set up at large expense to prevent unauthorized entry, but there is always a back door, a vulnerability that a hacker will find and exploit.  These hackers sometimes work alone, or as a syndicate, and others can be hired as another front in an already existing war or rebellion.  Because there are so many motives behind hacking, and there´s more likely an entrepreneurial aspect to it, it is very difficult to fight against it.  Without motives or sometimes even financial backing, it is hard to thwart efforts of individuals who are able to use their minds to damage large institutions and states.

One more thing, once a company is hacked, you can´t get the information back from the hacker.  It´s out there and under the control of the hacker or whoever hired him/her.  It could be an ex-employee, a political movement, a whistleblower who didn´t like what the company was doing, or a teenager who doesn´t plan to do anything with it.  Perhaps you can find the person and get him/her behind bars, but once breached, the damage is done.

So now that we understand who does it, how do we prevent or protect a company from losses from hacking, reputational as well as financial?

On average, computer systems have been hacked 220 days after they have been hacked.  Antivirus software, firewalls (software and hardware), and other traditional forms of protection are obsolete.  At any given time, hackers can access computer systems with emails, through old versions of software and browsers, company laptops salesmen take on the road and connect to wifi at a hotel or coffee shop, and worse of all, Android phones.  The larger the corporation, the more numerous the opportunities to find a vulnerability, an unprotected terminal, but this problem is not just for large corporations.  Small companies, with perhaps less of a budget for cybersecurity, are increasingly vulnerable, and losses from hacking could cripple them.

Cybersecurity starts with education and training.  All employees, upon hiring, must be trained on the company´s values and ethics, the usual operational procedures as well as guidelines on dealing with strange email, USB memory cards, installing 3rd party software on office computers, and other user-level security measures.  They must also know how to identify phishing (fake messages from seemingly familiar persons) and whaling emails (seemingly from a high executive, but false).  For this, competent lawyers can be hired to draft a complete employee handbook that not only ensures employees know what is expected of them on their day-to-day tasks, but also how they must diligently protect the company from cyberattacks.  Also they must be aware of the consequences of not following these guidelines, or of deliberately breaching these protocols and exposing company information.

Security starts with the day-to-day procedures that employees must follow.

Along with procedure manuals and employee handbooks, confidentiality agreements must be drawn for all employees with access to sensitive information, where they commit and expressly agree to certain protocol and guidelines to help prevent data leaks, and affirm they will not deliberately retrieve and disclose information to third parties.

Another strategy against hacking is insurance.  Once hacking takes place, there are reputational and financial losses.  Insurance policies can be drawn up to include, depending on the type of company involved, PR campaigns, recalls, notices to change passwords, as well as crisis management to secure the network with additional systems, hardware, software and employee training.  Also forensic and legal expenses may be incurred to find and accuse an alleged hacker or group of hackers.  Cyber insurance is a new area, which makes it easier to contract a policy that best fits your company needs.

Last but certainly not least, is the main weapon that must be acquired to fight off hackers: a robust and integrated program that analyzes all live processes as well as all terminals and servers, to ensure there are no unauthorized programs run behind the scenes.  The best programs that offer this kind of analysis can generally find unauthorized programs in the first 20 minutes of analysis.  The programs they find are not in the usual antivirus updates because new ones are created every day, and these are referred to as “zero-day attacks”.  Zero day script is new and original software introduced into networks and is it impossible to keep up with considering the types of hackers who create it.  Instead, these robust, integrated programs such as Cyfir, CyberArk, and others which detect any process that is not authorized and isolates it until it can be determined it is, in fact, unauthorized.

Corporations large and small are coming to grips with the new reality, and in an ever-changing landscape of cybersecurity, much deliberation must be involved when establishing company policy, guidelines as well as the procedures to be followed in the event of a cyberattack.  The CEO, CIO and all members of the organization must work together with their legal team to implement the best strategy to defend against hackers and manage their response.

EN