Wednesday, June 16, 2010

What Can Hackers Do?

A few years back I'm sure we all remember hearing or reading about what websites were defaced that given week. This in itself can be embarrassing for the website owner and was very prevalent. It's not that this sort of thing does not happen anymore but it is eclipsed but the more serious things that take place. Banks being defrauded by unscrupulous employees, Online Stores having their patrons credit card information ripped off, and a host of other more serious actions.

The reality is that as network systems become more complex and widespread, the opportunities for those who wish to compromise or HACK computers become much greater. Take a look at this Threat and Trend graphic. It will layout just a few entry points and opportunities for hackers!

As a home or small business computer user there are many ways you could be at risk. Many people store their financial information on their computers using a simple spreadsheet or document, or maybe something like Quicken / QuickBooks accounting. Many people store all their logins and passwords in plain text documents on their computers. How many people store information regarding their medical conditions on their computers. Computers are there to make our lives more simple and provide us with a means to store all of our most important information. What if this information were in the hands of someone else? What could happen;

* Is it possible for someone to assume my identity if they access the above information;
* Can someone find out what all of my logins and passwords are;
* As a business owner do I need to be concerned about corporate fraud;
* Is it possible for a hacker to steal my companies intellectual property;
* Can an unauthorized person access my company's sales information including clients and prospects;
* And, as a home user, or small business owner, could I be held liable for something someone else does with my computer?

The answer to all the above is, yes! If your computers are not properly configured, kept up-to-date with patches, or secured against the most common types of attacks you are at risk!

Take a look at the following Threat Spectrum to get an idea of the potential risks!
There are new vulnerabilities for computers found almost everyday. If you are not diligent in keeping your computers up to date and secured you can expect (it's just a matter of time), that in one way or another your system will be compromised.

Over the years, we have seen just about everything under the sun when performing small, medium, or large computer security assessments;

* Home computers being used to relay information and stolen software;
* Business computers being used to store stolen software as well as distributing it;
* Employees using their work computers to run businesses such as pornography sites;
* Ex-employees still accessing their work computers because of the lack of security;
* People trying to extort or intimidate others using information they gathered from unsecured computers;
* The potential for civil and criminal legal action against users for participating in malicious tasks;

and that's just to name a few of the things we have seen!

Don't underestimate what can happen to you. Human beings are very risk adverse however we are also very bad at determining the real risks. Many people are afraid to fly in planes but have no qualms about climbing up a 10 foot later to change old ceiling fan without cutting the electricity first. You have more of a chance climbing that ladder, getting shocked, falling and breaking your neck than going down on a plane. This seems to apply to many methods of analyzing risks.

Think about this. In testing where we placed out-of-the-box computers on the Internet it takes approximately 15 to 30 minutes before it's hacked or compromised in some way or another.

No comments: