Businesses cannot afford to neglect cyber security. A recent report published by Beaming found that UK businesses are attacked online every 2.5 minutes, with the average firm suffering from 52,596 cyber-attacks between April and June 2018.
Small businesses are particularly vulnerable to these attacks, as a lack of security/training budget and expertise leaves many unable to properly protect their confidential information.
But all is not lost for mall businesses. The best way to defend your company from a data breach isn’t by investing millions in expensive software and data security experts, it’s by thinking like the person behind the attack in the first place – the hacker.
Hackers are crafty, opportunistic, and adapt quickly to challenges, but by placing yourself in the mind of one of the bad guys you can successfully anticipate their next move and level the playing field. Here are some top tips to help you think like a cybercriminal.
1. Preparation is everything
First, you understand how hackers go about their work. The process can usually be broken down into two stages:
- Exploration, and
The first stage involves scanning and testing your systems to discover interesting information that could later be used against your organisation.
The tools hackers use to breach and extract valuable information are vast, and they’re constantly evolving, making them pretty impossible to keep up with. They include:
- Trojans and
- Bait and switches (when an attacker buys advertising spaces on a website which links to a page that’s infected with malware).
However, the one thing that remains constant is perhaps the most important stage to any hack: planning.
How hackers plan
All hackers will undertake some form of “footprinting”, whereby they try to learn as much as possible about the target organisation, including who the employees are and what systems and platforms they use. This information will often be mistakenly made public, whether through social media, forums, or even on the business’ own website.
Alternatively, hackers will sometimes gather sensitive information about a company by doing some DNS enumeration – the process through which a hacker gathers information about an organisation’s network by locating all the DNS servers and their relevant records for a business that can be later used for an attack – IP addresses, usernames, computer names, and etc.
With this knowledge, the solution SMEs should implement to make hackers stumble at the first hurdle is two-fold.
People are the weakest link
Firstly, small organisations should understand that the weakest link in any SME’s cyber defence efforts will always be its staff; human error is an inevitable part of every organisation.
Hackers know this and exploit employees’ mistakes to their benefit. If SMEs remain conscious of this fact, they can take the appropriate steps to limit any potentially disastrous slip-ups.
For instance, many employees may simply not be aware of the risks or consequences involved when accessing a public WiFi network when working on the go. Ensuring that comprehensive training is given to all new employees is a must.
Equally, existing employees should also be regularly tested on their knowledge of information security best practice. By mitigating the risk of easily-avoided mistakes, you will be well on your way to defending your business from hackers.
Protect against a DNS enumeration
Secondly, protecting against a DNS enumeration is always a good policy. Your DNS server is a computer that contains a database of your public IP addresses and their hostnames.
If it is not configured in a secure way, your network’s sensitive information can be put at risk. As such, it’s worthwhile for any SME to protect their network against this by configuring all name servers to disallow a DNS zone transfer to an untrusted host.
While this will not prevent the most advanced hackings, it will protect your network from the amateurs.
2. Expect the unexpected
The second stage in any hack is exploitation – gaining access to a system and maintaining access for further breaches in the future.
Hackers are some of the most creative people around. They constantly look for vulnerabilities in a system, especially if it’s by using something in a way that the web developer never intended. Hackers don’t just think outside the box – they throw the box out of the window.
If a developer only expects the usual paths of attack, such as DNS zone transfers and viruses, he or she will not implement protections against a more unusual path of attack.
Web developers should therefore take part in some penetration testing – the process through which someone launches a simulated attack on a computer system to find any potential weaknesses, including the more obscure ones.
There are experts whose job it is to test systems in this way, so if the budget stretches far enough, you should look to bring outside help.
Start with the most simple attack paths, as closing these off will easily deter less dedicated/patient hackers. Make sure to examine every element of the company’s network, including hardware, software, and protocols.
Proceed to thinking about more creative ways of gaining access to your system, which should start with reflecting on what a potential hacker might want to steal in the first place.
This will differ company to company, and some industries will hold more valuable information that others. By working this out, you will have a better idea of which areas to focus on and will have more success in finding secret paths that could have disastrous consequences.
3. Read between the lines
While small businesses can dramatically reduce their chances of being hacked by following the previous two steps, with enough dedication and skill a hacker will always have a chance at breaching a network and acquiring confidential information.
Once a cybercriminal has gained access, they will attempt to escalate their privileges in the system, allowing them to make changes to the network without the administrator knowing anything about it.
A hacker will then usually do two things.
Firstly, they will upload a piece of code that’s known as a “backdoor” – a secret portal that gives a hacker illicit remote access to the system that they can use to enter the system again the future.
Secondly, a hacker will cover their tracks to avoid detection by web developers, as well as to remove evidence of the hack that could be used against them in a court of law.
Log suspicious activity
The point to be made here is that by thinking like a hacker, SMEs will realise that any cyber security policy should include measures to recover from an undetected hack before a more serious one occurs.
Therefore, it is critical for businesses to regularly monitor their system logs to find suspicious activity, as well as making sure that the monitoring systems they use are updated to deal with the most innovative methods.
If either suspicious activity or a backdoor is found, your business has suffered a hack. You should immediately backup your website, as even though your site has been hacked, it could become much worse if not dealt with soon. By backing up your site, you can safely investigate what went wrong and try to find a way to close the backdoor.
If you make a mistake during your research and set off a virus which escalates the issue, your backups will ensure that you can restore your site to where it was before you investigated the backdoor. It’s not a perfect solution, but it will help you avoid a significantly worse headache in the long-term.
Stay one step ahead
While the tools hackers use to breach systems are getting more sophisticated by the day, organisations are increasingly putting themselves in the mindset of the hackers to protect their sensitive information and operations.
Nowadays, cybersecurity is a high-stake game of chess, in which most businesses simply react to their opponent’s moves. However, those that take the initiative by thinking like a hacker to stay one step ahead will have a far better chance of checkmating the attacker.
This guide has been written for ByteStart by Darren Hockley , MD of eLearning provider DeltaNet International, which offers a wide range of courses for businesses including training on information security.