How many hackers does it take to change a light bulb?
Wednesday, October 1, 2014
How many hackers does it take to change a light bulb? Does this sound like a joke?
Recent stats from the Internet World Stats website show that 39% of the global population is now connected to the web. That is some 2.802 billion people.
Of course almost any one of them can change a light bulb with the right motivation and training, but many of them will think it is easier to hack your data. Of course we all know that 99% of people are decent citizens, but it is a bit of a wake-up call when you realise that 1% of the web’s citizens is now 28 million people.
Many of these people are now connecting from the poorest countries on earth and have every reason to want what we in Australia take for granted. There is little justification for this but they have nothing to lose and much to gain.
Cybercrime is on the rise and there are victims every day. The cost to banks is already in the billions of dollars a year. Yet many businesses trade unaware of the risks they are taking or the preventative measures available to them to protect their systems and data. It is not just the responsibility of big business to protect systems. Every business with a computer needs to take this seriously.
One of the biggest real threats we are seeing at Combo, where we monitor and manage thousands of PCs for clients with 20 to 100 PCs, is the CryptoLocker virus. (I wrote about that here.)
There are more variants of this threat arriving daily and people are being caught out by it time after time. Remedying a network hit by the virus can take a couple of days if there is good backup, and if there is not good backup, the resolution may not happen at all.
People are being forced to take the huge risk of entering their credit card online in the hope of getting something back. I would advise against this in all cases and suggest that there is no better time than right now to cancel that credit card if you have not already.
Over the next few years we are all going to hear a lot more about cybercrime as ageing computers become more vulnerable to the malice of the hackers and as hackers become more sophisticated in their attacks.
We will hear of phishing attacks that get hackers inside networks or into your cloud systems using your own staff usernames and passwords. We will hear of exploits of unpatched operating systems and applications, and the costs of discovery, rectification and protection will all go up. For every threat there is likely to be a level of protection and, like an onion, there will be layers of protection that can be applied, but there will never be a 100% safe level of protection.
I have been asked if we should bother at all given we can’t reach 100% safe. The answer is an unequivocal yes, we should. It comes back to return on investment and the cost of business.
If you do not need technology in your business then take it out. If you do need technology in your business then protect it as best as you can and accept that the protection is just part of the cost of doing business.
If you were a bricks-and-mortar business, would you go home at night and leave your stock on the shelf with the doors open? No, of course you would close the doors and probably have an alarm system if you were in a rough area. You might even consider bars on windows and metal shutters.
Well, the internet is a rough area and the weak shall be hacked, probably sooner than you think, or it is already happening and you have not yet noticed.
I have listed preventative measures before, but here are a few reminders:
- Filter inbound files before they hit your network with spam filters for email and antivirus for attachments and files.
- Protect your network perimeter with a firewall and keep it up to date.
- Back up your data and your server system files inside your network daily or more often, and keep a copy off-site for emergencies.
- Use antivirus software on all PCs, servers, mobile devices and smartphones.
- Keep up the patch levels on your operating systems and applications.
- Replace out-of-date operating systems like Windows XP and, as of July 2015, Windows 2003 server.
- Encrypt data that may become exposed by phishing attacks or other threats.
Things we know won’t work are:
- Putting on rubber boots after an electric shock
- Replacing a car tyre after a blow out at 110 km/h
- Taking out car insurance just after your ensuing crash
- Using contraception once pregnant
- Starting an exercise regimen just after dying of a heart attack
I am putting IT security and best practice in the same category.
It has been shown that serious data loss can kill your business, yet people are continuing to use Windows XP PCs, lack plans to upgrade Windows 2003 servers, have insufficient backup, no spam filtering or antivirus software, and so on.
If you are not sure how robust and secure your systems are, it is time to get an independent assessment done to make sure you have a plan to get things under control and keep them there, before one of 28 million hackers gets the better of your business.
David Markus is the founder of Combo – the IT services company that is known for solving business problems with IT.