The Importance of an IT Health Check for Small Businesses

The Problem

Every online presence is a potential target for hackers. If you are running a business and have a website then there are three reasons that you will be targeted:

  1. Your website is insecure, and you are an easy target. It’s likely that you are already on a list on the dark web and any opportunist hacker will snap up some easy prey.
  2. You are in a sector or revenue stream that has been targeted for attack by state-sponsored hackers.
  3. Your main competitors will gain an advantage through disruption of your business.

A ransomware attack could completely disable your IT systems and data. Removal of your website could remove your main advertising stream and damage your reputation. Loss of data can leave you infringing data protection laws, subject to blackmail, or with your customer base handed to competitors.

An IT Health Check (ITHC) will allow you to identify how vulnerable you are and advise on what steps can be taken to protect your business.

The Low-Hanging Fruit

Many businesses set up a website either when they start up or, if they have been trading for some time, when they need to establish an online presence. The main considerations are usually speed and cost, rather than security. What may have been secure when created may no longer be so.

There are companies on both the dark web and the normal (surface) web that provide databases of vulnerabilities. A hacker needs only to know how to exploit one vulnerability to have a list of potential targets. This makes these databases attractive to amateur hackers (known as script kiddies).

Fortunately, these problems can be quickly identified and rectified, removing the danger. An ITHC will employ similar tools to those used by the online databases (and more), allowing each vulnerability to be identified and assessed in terms of risk. This risk-based approach allows focus on the critical issues first, and a view as to whether fixing the remainder would provide value for money.

The Focussed Attack

Focussed attacks, rather than opportunistic ones, tend to be more of a threat. The attackers have a set goal and there is a reason for the attack. These attacks are likely to be persistent, with hackers moving on to new infiltration routes when initial ones have been unsuccessful.

If you have any links to the public sector or deliver in sectors or industries important to your country, then you could be identified by state-sponsored hackers. Companies that have higher turnovers, are related to healthcare or are particularly reliant on IT or their website could be targeted by ransomware attacks. If you are in a dominant market position then you could be targeted by unscrupulous competitors.

An ITHC will allow you to assess your risks and take the necessary actions to mitigate them. A more in-depth Penetration Test will identify vulnerabilities and attempt to exploit them. Furthermore, consider reviewing the physical security of your buildings and assets. Lastly, the single biggest threat to IT security is your employees. Human error, weak IT passwords and social engineering can easily be profited from. These issues can be addressed through staff training and reviews of business processes.

IT Kill Chain can provide IT Health Checks, Penetration Testing, Social Engineering and process reviews, and cybersecurity consultancy. Contact Us to learn more.
