- December 11, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Finance
Who has the better job: owner of a Financial Business or cyber attacker? It isn’t who you think…
The full answer to that question is that two people have the best job in the world, but they happen split seconds apart. Imagine you just woke up from a good night’s sleep, got dressed and headed to the local Starbucks in the business plaza down the street to start your day on the patio like several others these days. After getting your coffee you crack your laptop open to start your day. This is where we get the first look at a cyber attacker’s day-to-day work. Like everyone else you log into your various accounts, check your email, hop on social media and plan the tasks for the day ahead. No different than the business owner working remotely across from you, or a CXO you are sitting near. However, instead of logging into accounts like the ones the Business Owner logs into, you log into the WiFi network from one of the companies in the plaza. While sipping a Caramel Cloud Macchiato, you run a Penetration Test to find the vulnerabilities that grant you unauthorized access to internal networks so you can get at your real objective: getting data to sell illegally.
From here the day is great. You spend all the way up until lunch planting some malware on an unprotected network that will feed you information as it finds it, put in back-door access to the HR system that is still in-house because the HR director doesn’t want to move it, and then you hit gold by finding a computer that hasn’t had security patches put on it in three years and has the finance system running on it. You are able to get the administrative account and from there it is easy access to all of the company’s sensitive information. From here all you must do is sit back and watch the information roll in. Passwords, bank accounts and social security numbers from the HR and finance systems, and virtually any data you would like to look at. Once you feel like you have enough information to almost cripple those businesses, you simply lock them out of their accounts by encrypting everything and leaving a ransomware note asking them for a large sum of money or their data will be posted on the internet for all to see (including your competitors and clients). In return for the money, you “promise” to hand over the decryption key and get rid of the information you collected. Once the ransom is paid in an untraceable currency, you spend until dinner watching bids go up for the same information you “promised” to delete. It’s a great business model… other than the fact that it’s highly illegal, totally unethical, and morally disheartening. So yes, to clarify, the greatest job in the world is to be a successful hacker finding vulnerabilities in an organization that doesn’t take managing its IT devices and information security seriously.
The other side of this question looks better because if you are prepared, you won’t be a victim and won’t be in jail. Let’s look at what happens for the Business Owner who was sitting across from the hacker. Even though she is working remotely, there are tasks to get done to ensure that the virtual board meeting coming up goes smoothly. Getting out of the house is the only way to ensure that peace and quiet is had. Her clients still need tending to and that board deck isn’t going to write itself. What the hacker across from her didn’t know is that she put her clients’ data first and built her business with information security as a priority of her IT staff, ingraining it into the company culture. Thankfully for her, it wasn’t her business that the hacker found with systems exposing client data. Unknown to the hacker as well was that the board deck she was preparing was finalizing the last details to raise capital to make the next step in her success. Without making the choices she did, including how IT and information security operations were handled, she wouldn’t be where she is today.
The FBI has even said it’s not a matter of if a cyberattack will happen, but when, or if it already has. Businesses and firms are already inundated with IT operations activities but most of the time never get extra time to complete them, let alone being able to focus on information security.
A hacker’s greatest adversary is a business that puts data privacy and security first for IT operations. We support motivated business owners, independents, and partners looking to invest in the trust of their clients. The best job in the world is that split second when you deny a hacker any access to your systems, network, or data to hold you hostage. You don’t have to be a “computer person” to focus on information security or IT operations; all you need is a partner in your corner like us, Steel Patriot Partners.