Every month it seems, another large company suffers a network breach or unauthorized access to sensitive information. The number of well-known hacking victims keeps getting larger:
If those large companies – with their teams of IT personnel and massive budgets – are vulnerable, what chance does your company stand?
For one thing, you have the benefit of learning from others' mistakes. You can learn what made these large organizations vulnerable and lock down the same vulnerabilities in your system before a hacker exploits them.
Three common vulnerabilities triggered the recent wave of cyber attacks:
- Outdated software and older operating systems.
- The use of default and/or weak credentials.
Let's take a closer look at each.
1. Outdated Software and Older Operating Systems
Many companies will leave an older system connected to the network, running outdated operating systems like Windows 2000 or XP. This occurs quite often because:
- It may seem too difficult to upgrade an older operating system.
- It may seem too expensive to replace an old computer with a newer model.
But the small amount of money you might save by postponing an upgrade isn't worth the risk of disaster down the road. Many hackers will write malicious programs for older operating systems and deploy them when Apple or Microsoft announces it is no longer providing updates to that operating system.
Hackers will wait because they know you will never be able to patch the vulnerability. Once they gain unauthorized access, there is a good chance they will have uninterrupted access well into the future.
2. The Use of Default and/or Weak Credentials
Almost all manufacturers and vendors will ship equipment like routers, switches, computers, and cameras with a basic username and password. Often, these credentials are widely known and listed on the web or even on a sticker attached to the equipment.
You need to change these passwords and usernames immediately to something stronger. Unfortunately, many people skip this step.
In addition to equipment, many users on your network will have a weak password that hackers can easily compromise. If a password is weak or it contains popular words and phrases, it can be exploited by password crackers.
How does that work? The password cracking programs will run through hundreds of thousands of password combinations composed of dictionary entries and common phrases.
Fortunately, you can fix this vulnerability easily: Require your users to create strong passwords with at least eight characters, including numbers, uppercase letters, and special characters.
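An added example (not from the original article): a Python check for the rule above (eight or more characters with numbers, uppercase letters, and special characters) plus a lookup against popular words, since a password can satisfy the composition rule and still be built on a dictionary entry. The function name, word list, and substitution table are constructed for illustration.

```python
import re

# Constructed sample of popular words; a real deployment would load a much
# larger dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "dragon", "summer"}

# Undo common character substitutions so "P@ssw0rd" is matched as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def password_problems(password):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []

    # Composition rule stated in the article.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Dictionary check on a normalized form: lowercase, substitutions undone,
    # then everything except letters dropped.
    normalized = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for word in sorted(COMMON_WORDS):
        if word in normalized:
            problems.append(f"contains common word '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["Ab1!", "password", "P@ssw0rd1!", "Summer2024!", "Tr4il-Mix#Vase9"]:
        issues = password_problems(candidate)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```

`P@ssw0rd1!` meets every composition requirement and is still rejected, because a cracking dictionary with substitution rules reaches it quickly.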
Any application that comes installed on your system from the factory can be considered bloatware. These programs are created for system updates, registration, troubleshooting, or configuring specific types of hardware from the manufacturer.
The problem is these programs aren’t thoroughly tested for security. Hackers can manipulate them easily to gain access to your system and network.
The solution? Update any factory-installed software on a regular basis. Or if you don't need them, remove them.
Outdated versions of common applications can also leave your system vulnerable to unauthorized access. This includes programs like Internet Explorer, Chrome, Flash, Java, Adobe Acrobat, and thousands more.
It Can Happen to You
All too often, people will tell themselves, “It won’t happen to me.” The truth is, at this very moment, countless hackers are scanning networks across the globe, looking for vulnerabilities they can exploit to gain access to your data.
Rather than trying to contain an unpredictable disaster after it strikes, it is much more cost-effective to prevent these vulnerabilities. All it takes is one weak link to expose your network and data.
If you need assistance or have any questions and concerns, please feel free to contact us at Data Evolution.