Education is a big component of cybersecurity. That’s why we publish relevant articles on our blog on a monthly basis. That’s also why we share important content on our Facebook and LinkedIn pages. And it is also why we hosted the ICSEvent in September. The event was structured as an educational opportunity for local business leaders and companies and as a networking opportunity. Because we received such positive feedback from attendees, we thought our blog readers would benefit from a recap of the highlights.
A Live Hack
Hacking may seem like a big, complicated endeavor. It’s not. The reality is that the tools hackers use, and the code that is leveraged to hack into systems, are things that young kids are likely learning in school during their coding classes. This was confirmed during a live hack demonstration. To put some context to this, in total, the hack process took less than five minutes, and that’s with the additional commentary that took place! And, once our “hacker” was in, he was able to quickly access accounting software usernames and passwords with one simple piece of code. Frankly, this demo was pretty jaw-dropping for the attendees.
Access Through HR
The majority of readers on this blog know not to open files from unknown sources. But what if your job depends on receiving and opening files from people you don’t know? That is essentially the function of HR teams. Every day they receive resumes from potential candidates, and it is their job to review these candidates. Unfortunately, hackers know this and can use this as an opportunity to gain access to your business. Think about it. A resume comes in and it’s encrypted so it won’t open in preview. So, the HR representative downloads it and tries to open it. Still encrypted. Then IT is pulled in, and admin usernames and passwords are used. And, you can see that we just let a hacker in. This was another ah-ha moment for our audience because it is such a real-world experience, and it didn’t include a phishing email full of typos and bad links, which we all know not to click on.
The Bar Is Low For Hackers
As noted above, the tools and code used by hackers are leveraged in coding classes every day by kids across the country. The programs that hackers use are oftentimes free tools that any of us can use. And the commands are already in the tool! To top it off, hackers oftentimes use the programs that have already been installed on your computer (example: Dropbox) to gain access. In other words, becoming a hacker isn’t hard (unless you have a strong sense of right and wrong).
The Best Offense Is A Good Defense
In order to protect your company, you need to defend it. And the best place to start is the basics. One of our speakers, Kyle Hanslovan of Huntress Labs, suggested checking out the Center for Internet Security’s Top 20 list of controls (https://www.cisecurity.org/controls/). Once you’ve got the basics in place, it’s time to layer on additional security. Two-factor authentication was a big recommendation. This additional level of security can help prevent many hackers from stealing usernames and passwords, as noted in the accounting example above. In addition, it’s wise to have an outside IT consulting firm complete a security assessment of your company’s network. An outside resource will tell it to you straight, and typically has more resources available to really dig into your business. And, luckily, Intivix offers security assessments. Timewise you are looking at 1-3 hours for the assessment, but it is well worth it.
Networking With Others
The group that attended the ICSEvent was primarily made up of business owners, decision-makers, and a few HR members. After the educational sessions, they all had the opportunity to pick each other’s brains and chat about their own security procedures, or what they enjoyed most about dinner. And, networking with others is always a great way to learn – oh yes, we snuck an educational component in here too!
So, what’s our goal in sharing this recap with you? Well, education for one, but the other is to help highlight that we’re a people-based company, and we’re here to help! We encourage you to give us a call for a free security assessment or even to chat about your current IT struggles. You won’t get a sales pitch, as we’re not that kind of company. But you will get an honest conversation. It might cause you to flinch a bit if we find a cybersecurity breach, but we’d rather have you flinch than get hacked. Looking forward to chatting.