By now, everyone most likely has heard about hackers – individuals who break into companies' networks and steal private information. When you look at the methodology, process and extent some hackers will go to infiltrate their target, it can start to read like a real-life spy novel.

So, who are hackers, you might ask? Hackers can come from all walks of life; however, whether they are in Russia or China, or teenagers in their parents’ basement, in all cases, they have one thing in common – there’s something they want, and they use their abilities to get it.

Hackers usually start by identifying their target, and then performing network reconnaissance to determine possible methods for entry. They may accomplish this by using a tool called a port scanner, allowing them to gain information on the types of programs or services running on the target network. Hackers then use this information, along will well-known vulnerabilities, to formulate a plan of attack.

One type of attack is called brute forcing, which tries all possible password combinations to access the account. Your organization can protect itself from this type of attack by locking accounts after too many failed attempts (5-10). You may recall when Apple famously suffered a brute force attack in 2014, which allowed attackers to gain access to photos stored in the iCloud backups of some celebrities¹.

Another type of attack is a distributed denial of service (DDoS) attack. The DDoS attack does not compromise sensitive information, but can make it unavailable. It floods the target website’s internet connection with useless data, preventing normal business from being conducted. Commonly a DDoS attack may be used as a distraction while a different attack occurs. In the case of a UK telecom provider, a DDoS attack was launched to distract company resources while the attacker accessed databases containing sensitive information using another type of attack called SQL Injection².

As you can see, hackers have a number of methods and tools at their disposal to access your sensitive information.

With an abundance of additional access points for hackers to breach, how can you ensure that your system remains secure? Please contact a CNA representative to learn how risk controls can be tailored to your business or visit www.cna.com/cyberliability.  
  

¹ Apple Finds No Evidence Hackers Exploited iCloud To Steal Celebrity Photos  
² DDoS Attack Leaves Four Million Customers at Risk