Hacking a risk to all businesses, no matter the size

15 Aug 16

Cyber security is an issue facing all businesses regardless of size, type or location.

That’s the stern word from Aura Information Security, which says the recent hacking of several New Zealand schools is a timely reminder about the importance of security.

Aura Information Security general manager Peter Bailey says that while schools may seem an unlikely target, they have resources and information that hackers find valuable. The same applies to most businesses in New Zealand.

“In the case of the schools hacking, it is possible that servers and storage may have been taken over by attackers. In addition, the personal information schools often hold may also have been used for ‘downstream’ crimes,” Bailey explains.

“When resources are taken over by hackers, they can be used to store contraband such as illegal digital content or to launch further hacking attacks on the information assets of other organisations,” he says.

Personal details, such as those contained in school systems, can be used by hackers to perpetrate identity theft. This data can then be used for crimes such as opening fraudulent lines of credit.

If the email accounts of senior school staff members are hacked, those individuals can be impersonated to request payments from the finance team for bogus invoices (this is also known as the ‘CEO Fraud’, where a message purportedly from the boss authorises a payment). Because the email appears quite legitimate, hackers often succeed.

Notably, Bailey says schools and small-to-medium businesses have something in common where security is concerned.

“They often have similar IT and security setups featuring weak passwords which are used for multiple services,” he says.

“This makes it relatively easy for hackers to ‘brute force’ the password. Brute forcing is a technique where hackers use a computer to automatically guess a password until they gain access.”

Is your business at risk?

According to Bailey, the short answer is yes.

“Like schools, small-to-medium businesses tend to focus on ‘why’ they might be hacked, often coming to the conclusion that they don’t have anything of particular value in terms of information assets,” Bailey says.

“This leads to the inevitable conclusion that information security doesn’t warrant priority.”

Bailey says nothing could be further from the truth, as the school hacking has demonstrated.

Information such as customer lists, trade secrets, financial and corporate data, and credit card information is valuable to hackers.

“Today, hackers aren’t generally breaching computer systems for mischief. Instead, they are looking for things that are relevant and which give them an advantage,” Bailey explains.

“This includes information such as credit card details which enables them to directly make money, or information and resources which help them indirectly hit payday,” he adds.

Because hackers make use of automated tools to run their attacks, any organisation at any time is at risk, says Bailey.

These tools scan the internet looking for vulnerable sites, whether a school or business and, in much the same way that a burglar will seek out the unlocked house, hackers pick the easy targets.

“Generally, if they find they can hack in to one company using a certain type of malware, they will look for similar companies using the same malware. This is probably why multiple schools were hacked,” Bailey says.

Bailey says the lessons for all businesses are clear: use secure passwords backed by a strong policy.

“Use tools that securely generate passwords that don’t need to be remembered. Don’t use shared passwords, ever. And don’t allow repeated logins: if the password isn’t correct in three tries, block access (this stops ‘brute force’ attacks),” he says.

Most importantly, Bailey reminds organisations that good information security is about people.

“Know the signs of an attack and educate your staff,” he explains.

“Make them aware of the scams out there and make sure they know what to look out for.”
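
Bailey's password advice above, sketched as an added Python example (not code from the article or from Aura Information Security): passwords come from the operating system's secure random generator, and an account is blocked after three consecutive wrong guesses. `LoginGuard`, its in-memory store, the account names and the PBKDF2 settings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

MAX_TRIES = 3  # the article's rule: block access after three wrong passwords
ALPHABET = string.ascii_letters + string.digits + "-_.!@#%"


def generate_password(length=20):
    """Random password from the OS CSPRNG, meant to live in a password manager."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _hash(password, salt):
    # A slow, salted hash (assumed settings) so stored passwords resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Hypothetical in-memory account store with a consecutive-failure lockout."""

    def __init__(self):
        self._accounts = {}   # user -> (salt, password hash)
        self._failures = {}   # user -> consecutive wrong guesses

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._accounts[user] = (salt, _hash(password, salt))
        self._failures[user] = 0

    def is_locked(self, user):
        return self._failures.get(user, 0) >= MAX_TRIES

    def login(self, user, password):
        if user not in self._accounts or self.is_locked(user):
            return False      # a locked account rejects even the right password
        salt, stored = self._accounts[user]
        if hmac.compare_digest(_hash(password, salt), stored):
            self._failures[user] = 0   # a success clears the failure count
            return True
        self._failures[user] += 1
        return False

    def unlock(self, user):
        """Administrative reset once the owner has been verified out of band."""
        self._failures[user] = 0
```

A hard lockout like this can itself be abused to keep legitimate users out, so production systems commonly pair it with timed unlocks or per-source rate limits.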
