Published Wednesday, August 24, 2016

Is Your Data at Risk? Who Are Hackers and What Are Their Methods of Attack?

By now, most people have heard about hackers – individuals who break into companies' networks and steal private information. When you look at the methodology, the process and the lengths some hackers will go to in order to infiltrate their target, it can start to read like a real-life spy novel.

So, who are hackers, you might ask? Hackers can come from all walks of life; however, whether they are in Russia or China, or teenagers in their parents’ basement, in all cases, they have one thing in common – there’s something they want, and they use their abilities to get it.

Hackers usually start by identifying their target, and then performing network reconnaissance to determine possible methods for entry. They may accomplish this by using a tool called a port scanner, which gives them information on the types of programs or services running on the target network. Hackers then use this information, along with well-known vulnerabilities, to formulate a plan of attack.

One type of attack is called brute forcing, in which the attacker tries all possible password combinations to access an account. Your organization can protect itself from this type of attack by locking accounts after too many failed attempts (5-10). You may recall when Apple famously suffered a brute force attack in 2014, which allowed attackers to gain access to photos stored in the iCloud backups of some celebrities¹.
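The lockout control described above, as an added example that is not part of the original article or CNA material. The threshold of 5 comes from the 5-10 range given above; the 15-minute counting window, the 30-minute lock duration, the class and function names and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque


class LockoutPolicy:
    """Lock an account after `threshold` failed logins within `window` seconds."""

    def __init__(self, threshold=5, window=900, lock_for=1800):
        # threshold: low end of the 5-10 range; window/lock_for are assumed values
        self.threshold, self.window, self.lock_for = threshold, window, lock_for
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time at which the lock expires

    def is_locked(self, account, now):
        return self.locked_until.get(account, 0) > now

    def record(self, account, success, now):
        """Process one login attempt and return 'ok', 'failed' or 'locked'."""
        if self.is_locked(account, now):
            return "locked"                   # even a correct password is rejected
        if success:
            self.failures.pop(account, None)  # a good login clears the counter
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                  # forget failures older than the window
        if len(recent) >= self.threshold:
            self.locked_until[account] = now + self.lock_for
            recent.clear()
            return "locked"
        return "failed"


# Constructed sample events: (time in seconds, account, password_correct)
EVENTS = [(t, "alice", False) for t in range(0, 50, 10)] + [
    (60, "alice", True),    # correct guess arrives while the account is locked
    (0, "bob", False), (1000, "bob", False), (1010, "bob", True),
    (2000, "alice", True),  # alice's lock (set at t=40) has expired by now
]


def replay(events, policy=None):
    """Run the events in time order and return (time, account, outcome) rows."""
    policy = policy or LockoutPolicy()
    return [(t, acct, policy.record(acct, ok, t)) for t, acct, ok in sorted(events)]


if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```

Because the lock is checked before the password, a correct guess that lands during the lock period gains nothing, and spaced-out mistakes by a legitimate user (bob in the sample) do not accumulate into a lock.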

Another type of attack is a distributed denial of service (DDoS) attack. A DDoS attack does not compromise sensitive information, but can make it unavailable. It floods the target website’s internet connection with useless data, preventing normal business from being conducted. Commonly, a DDoS attack may be used as a distraction while a different attack occurs. In the case of a UK telecom provider, a DDoS attack was launched to distract company resources while the attacker accessed databases containing sensitive information using another type of attack called SQL injection².

As you can see, hackers have a number of methods and tools at their disposal to access your sensitive information.

With an abundance of additional access points for hackers to breach, how can you ensure that your system remains secure? Please contact a CNA representative to learn how risk controls can be tailored to your business or visit www.cna.com/cyberliability.  
  

1 Apple Finds No Evidence Hackers Exploited iCloud To Steal Celebrity Photos  
2 DDoS Attack Leaves Four Million Customers at Risk   

One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.