Filter by Category

How to Think like a Hacker and Secure Your Data [Webinar Recap]

Hacker Stealing Information During Data Breach Incident

There’s no denying that data breach incidents are becoming more common each and every day. Organizations continue to work tirelessly to combat looming threats with the latest cybersecurity best practices and technology. However, the larger the volumes of sensitive information being collected, processed, and shared, the greater the chance is of getting hit by a critical cyber threat. This also increases the need for data loss protection.

In response to these dire threats, IT teams play defensive. At first, they create data breach response plans and security settings which tell them what to secure and how to react accordingly if those settings fail. Unfortunately, it’s not enough to react to a data breach incident. Resources like response plans and guidelines can’t predict what specifically hackers are after or in which ways they plan to acquire your data.

We recently held a webinar, titled "Think like a Hacker and Secure Your Data," to explore this topic more. The webinar is now available on demand:

WATCH THE WEBINAR

Perhaps it’s time to look at your cybersecurity approach and explore how to prevent a data breach from a different point of view. Are you ready to put yourself in the shoes of a hacker? Let’s get started.

Modern Data Breach Statistics

Getting ahead of cyberthreats can feel frustrating, but it’s not impossible. One of the best ways to implement data loss protection is to first understand the lay of the land.

The Cause of Data Breaches

Every year, most data breach incidents are caused by one (or more) of the same issues involving malicious/insider criminal attack(s), human error, and/or a system glitch. And every year, organizations hope that these data breach incident statistics will improve. Yet, they continue to remain dismayed when they discover that the cybersecurity tactics they’re using to protect their company’s sensitive data are not foolproof. Hackers can still successfully manage to infiltrate their networks, using a master blend of old techniques, new tactics, and human error to achieve success.

The Cost of Data Breaches

According to Ponemon Institute’s 2018 Cost of a Data Breach Study, the average cost per record for all data breaches in 2018 was $148. Of course, these costs can vary depending on who was breached and what it cost them afterwards to bolster their data loss protection.

Frequency can make a notable impact as well, as the frequency of data breach incidents often depends on the industry itself. Financial services, point-of-sale services, industrial manufacturing, technology, and retail are the five industries that experience data breach incidents most often. However, the fields with the highest price to pay (even if some of them are less frequently breached) are healthcare, financial services, POS services, pharmaceuticals, and technology.

Basic Terminology

The most effective way to think like a hacker is to understand the very strategies they themselves use to infiltrate an organization’s network. It’s also key to know some basic hacking terminology. Here is a look into a couple of phrases used when discussing hacking and data breaches:

Attack Surface

Also known as the threat vector or sum of all possible attack points. This is typically achieved after the reconnaissance stage where a hacker has figuratively opened a seemingly-locked door and let themselves in without permission. They now have direct knowledge of the devices they identified through the initial probing. This is truly the landscape where a hacker can attack a network.

Critical Value Data (CVD)

The prized organizational data, or crowned jewels, of an organization. CVD could be the secret ingredients in a famous recipe, proprietary formulas, or manufacturing processes.

For additional common hacking terminology, watch the webinar: How to Think like a Hacker and Secure Your Data.

Common Hacking Techniques

There are many different techniques that a hacker may use to get into an organization and steal records, but most attacks only need to use a few in order to be successful and cause a data breach incident.

Here are two recurrent techniques you should become familiar with:

Fake WAP

How it works:

A fake WAP (wireless access point) is put in a public spot and usually sports a legitimate name in order to appear like it’s coming from a trusted business (i.e., a coffee shop). They are easy to set up and even easier to fall for. Once you’re connected to a WAP, all traffic will transverse through a rogue access point for inspection. Any information that isn’t encrypted will be sniffed out by the hacker and potentially stolen for later use.

Key Indicators of a fake WAP:

  • It’s an open, non-secure network
  • No password is required to log in

How to avoid it:

  • Don’t connect to free open wireless networks
  • Make sure you get the network name and password from the provider
  • If you need to use a free network, use a host VPN (virtual private network) to encrypt your traffic

Cookie Theft

How it works:

Cookie theft, also known as sidejacking or session hacking, happens when cookies from the website you visit are stolen through an unsecure network. The cookie can then be used to allow the hacker to pretend they are you and potentially hijack your account.

How to avoid it:

  • Make sure you’re always visiting a secure site – https, NOT http
  • Use a host VPN to encrypt your traffic

For additional common hacking techniques to consider, watch the webinar: How to Think like a Hacker and Secure Your Data.

Strategies for Data Protection

Now that you’re a bit more familiar with the strategies hackers may use to cause a data breach incident and steal sensitive data, you may be wondering what else you can do to avoid these vulnerabilities and protect your information. So glad you asked! Here are a few tactics we recommend executing today to boost your cybersecurity and encourage data loss protection:

  • Identify your CVDs: Take a risk-based management approach to your critical value data.
  • Create a data breach incident response plan: Although the goal for most organizations is total breach prevention, data breach incidents can unfortunately still happen. With a solid cybersecurity data loss protection plan and/or incident response plan in place, a compromised system can be dealt with cleanly and quickly before things have a chance to escalate.
  • Encrypt your data in transfer AND at rest: Encrypting sensitive files, no matter if it’s in transit to a recipient or stored remotely on a server, should always be one of the most important practices in your cybersecurity arsenal.

If you haven’t already, consider building a data loss protection strategy that will encrypt your files and file transfers. Some IT teams use free open PGP tools to achieve file security, while others opt for a centralized managed file transfer solution to protect their data. What you choose is entirely up to you and your business needs.

For more on methods of defense against looming cybersecurity threats, take a look at some related reading: Defending Against Data Breach: Developing the Right Strategy for Data Encryption.



Related Posts


2018 Cybersecurity Concerns in Healthcare and How to Address Them

The first few weeks of January always seem to be accompanied by an influx of new cybersecurity trends, forecasts, and concerns. As expected, 2018 has followed this pattern—and with the need for…


6 Experts Debunk Common Cybersecurity Myths

The life of a cybersecurity professional looks a lot like the plot of a Greek mythology action movie. We spend years preparing for an attack by an unknown creature, basing our strategy on tales…


The Best Cybersecurity Strategies for Banks and Financial Organizations

Banks and financial institutions, take note: though the year is almost over, no one is safe from a data breach. Industries across the board have seen 4.5 million records stolen so far in 2018—a…


How to Create a Cybersecurity Policy for Your Organization

The cyberattacks and data breaches that make the news are usually the ones that happen at big corporations like TJX or Home Depot. But every organization, large or small, needs to be concerned about…


Why You Should Incorporate Managed File Transfer into Your Cybersecurity Strategy

Managed File Transfer: A New Cybersecurity Strategy for Sensitive Files Earlier this month, independent news platform Patch reported that Neiman Marcus, a department store chain in the US, has…