Companies have been fighting cybercriminals and criminals for years. Companies are getting more aware of the threats which might hit their environment and for that reason they have been implementing cyber security solutions which claim to keep the company environment safe from malicious users.
Companies are also using physical security professionals to keep the company environment safe from criminals, but it is not usual that the physical security professional will investigate your teeth to see if you are hiding a USB stick or any other type of data storage unit.
The government agencies like GCHQ and NSA are aware of how companies are being protected against malicious users. These same government agencies publish guidelines on how to infiltrate company environment. The Edward Snowden leaks, clearly showed how the NSA had prepared flowcharts and tutorials on how to infiltrate company computer networks and environments
You have already been hacked
10 out of 10 companies have already been hacked. If the hack had an impact on the organization is something else. In enterprise environments, thousands of users communicate with the company network and from a hackers point of view this means that there are at least 1001 ways to infiltrate a company network.
I am not going to state how you can be hacked, but I am going to leave some questions which will give you the answer on how high the possibility is that your company environment has been (or will be) breached/hacked.
- Do you run outdated software in your company environment?
- Do you allow devices which hold outdated software in your company environment?
- Do you allow personal devices (private) in your company environment?
- Is the public company website connected to the company private network?
If you have answered yes to one of the questions above, then the chance is very high that you will be targeted in the near future.
New types of attacks
In the last couple of months I have witnessed “new” attacks which are capable of leaving a massive trail of damage.
The Ransomweb attack focuses on outdated web applications. The Ransomweb attack will target the outdated web application and it will try to exploit the outdated web application with a widely known exploit.