Technology changes every day. There are advancements, innovations, people developing better ways of doing things. People themselves are learning to think and behave more efficiently because machines are taking over tedious tasks. Every startup business is reliant on technology to function. Processing credit cards, having a presence on social media, owning a website. All of these things are necessary to stay competitive in today’s market. But this also means that bad actors and hackers are changing too. Hackers changing tactics are evolving and no one is free of an attack. It is important to understand these changes, to know what new tactics are being employed, and to respond properly.
It is known that phishing schemes are the most common vector of a cyber attack, but it isn’t the only one. Today, social engineering is the second most common threat employed by hackers. This entails engineering on social media, calling people and asking for favors and asking questions, and even looking through physical garbage to get information. It could be pretending to be a client or pretending to be someone interviewing for a job. It may seem paranoid to think this way, but when it comes to cybersecurity, access is the key to gaining more access. The more access a hacker can gain, the more information they can steal, the more they can exploit the business they have targeted.
In order to protect against the ever-changing tactics, one of the best things you can do, besides follow the four protections outlined in a previous article, is to ensure that all software and hardware patching is up to date. Companies are more likely to be hit by something that’s been around for a year because they didn’t patch something than to be hit by something on day zero. For example, SQL injection has bounced around the OWASP top 10 for 10 years and it’s still there. Employ good coding practices by utilizing the OWASP to 10 and ensuring proper protections are in place. Until companies catch up and stop allowing SQL injection to be exploited, it will continue to be a common vector. Same goes for anything else on that list.
Companies of all kinds are attacked all the time, every day. Not just large corporations, but everything from tiny mom and pop shops to giant corporations and governments. Attacks are indiscriminate, with the goal being to gain access somewhere, anywhere. The attackers do not care if you’re a startup or a legacy business, if you’ve been around for five minutes or hundreds of years. The goal is information gathering. The more information they can gather, the more they believe they can make on the dark web or black market or wherever they sell their thefted data.
Data breaches are common. Some you hear about in the media when millions of people are affected. Others you don’t know happen because no one was exposed and the business did their due diligence in responding. Having a dedicated IT team to monitor and respond to such attacks is every bit as important as knowing what hackers are doing to circumvent business protections. Their ever-changing tactics make it hard to keep up, which is why reporting is important so that other companies can be aware when a new threat emerges.
Hackers changing tactics isn’t goinng to change as businesses catch up and protect new weaknesses. Be sure to set up your protections, to rely on the advice and information your IT team learns and have an incident response team set up to handle breaches. Mitigating your risk early is a key piece in protecting your business assets, proprietary data, customer and client information.