Story image

Hacking a risk to all businesses, no matter the size

15 Aug 2016

Cyber security is an issue facing all businesses regardless of size, type or location.

That’s the stern word according to Aura Information Security, who says the recent hacking of several New Zealand schools is a timely reminder about the importance of security.

Aura Information Security general manager Peter Bailey says that while schools may seem an unlikely target, they have resources and information that hackers find valuable. The same applies to most businesses in New Zealand.

“In the case of the schools hacking, it is possible that servers and storage may have been taken over by attackers. In addition, the personal information schools often hold may also have been used for ‘downstream’ crimes,” Bailey explains.

“When resources are taken over by hackers, they can be used to store contraband such as illegal digital content or to launch further hacking attacks on the information assets of other organisations,” he says.

Personal details, such as those contained in school systems, can be used by hackers to perpetrate identity theft. This data can then be used for crimes such as opening fraudulent lines of credit.

If the email accounts of senior school staff members are hacked, those individuals can be impersonated to request payments from the finance team for bogus invoices (this is also known as the ‘CEO Fraud’, where a message purportedly from the boss authorises a payment). Because the email appears quite legitimate, hackers often succeed.

Notably, Bailey says schools and small-to-medium businesses have something in common where security is concerned.

“They often have similar IT and security setups featuring weak passwords which are used for multiple services,” he says.

“This makes it relatively easy for hackers to ‘brute force’ the password. Brute forcing is a technique where hackers use a computer to automatically guess a password until they gain access.”

Is your business at risk?

According to Bailey, the short answer is yes. ‘

’Like schools, small-to-medium businesses tend to focus on ‘why’ they might be hacked, often coming to the conclusion that they don’t have anything of particular value in terms of information assets,” Bailey says.

“This leads to the inevitable conclusion that information security doesn’t warrant priority.”

Bailey says nothing could be further from the truth, as the school hacking has demonstrated.

Information such as customer lists, trade secrets, financial, corporate data and credit card information is valuable to them.

“Today, hackers aren’t generally breaching computer systems for mischief. Instead, they are looking for things that are relevant and which give them an advantage,” Bailey explains.

“This includes information such as credit card details which enables them to directly make money, or information and resources which help them indirectly hit payday,” he adds.

Because hackers make use of automated tools to run their attacks, any organisation at any time is at risk, says Bailey.

These tools scan the internet looking for vulnerable sites, whether a school or business and, in much the same way that a burglar will seek out the unlocked house, hackers pick the easy targets.

“Generally, if they find they can hack in to one company using a certain type of malware, they will look for similar companies using the same malware. This is probably why multiple schools were hacked,” Bailey says.

Bailey says the lessons for all businesses are clear: use secure passwords backed by a strong policy.

“Use tools that securely generate passwords that don’t need to be remembered. Don’t use shared passwords, ever. And don’t allow repeated logins: if the password isn’t correct in three tries, block access (this stops ‘brute force’ attacks),” he says.

Most importantly, Bailey reminds organisations that good information security is about people.

“Know the signs of an attack and educate your staff,” he explains.

“Make them aware of the scams out there and make sure they know what to look out for.”

Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.
NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.