Everybody is at risk to Cyber Crime
Posted August 27, 2018 Liam DeSanto
It’s worth saying again. Everybody is at risk to Cyber Crime.
At Summit Partners we have a diverse cross section of clients, from world renowned universities to small locally owned niche businesses. We have seen breeches, hacks, phishing and malware such as ransomware affect all business profiles from large to small with significant impact to business operations and revenue. You may ask yourself, “but I’m in such and such space, why would anybody want to hack me?”. The answer to that is surprisingly simple. Everyone has information, whether it’s your products, your customers, your employees or your mission. That means your information has value, to you if no one else. Would your co-workers be able to do their job if they couldn’t get to your data? Large or small, a ransomware malware, such as WannaCry can lock your data away from you. But also ask yourself this. Who do we compete with? Does somebody else do what you do? If so, would that somebody else benefit from having your information? Your contacts or plans or costs? That’s why everybody is at risk to Cyber Crime at a business level.
Now let’s chat about how you may be at risk on a technical level. First, we need to review a few things. When I got into IT, 20+ years ago, it was fairly simple and straight forward. Even as recently as perhaps 5 years ago, for most businesses, that remained true. You had your corporate network, at your corporate office where everybody came to work. Imagine it as a castle if you will, with a firewall surrounding it or the castle’s moat. Within that firewall you had permission rules, or the drawbridge. Those rules would allow traffic in and out of the castle over the drawbridge based on IP ports or lanes with the intent of certain applications to use those certain lanes. For example, as you may know, basic web traffic uses port 80. So, to allow company personnel to surf the web and for the world to get to your public website, port or lane 80 would be opened in the firewall or drawbridge. Bigger environments may be logging all the traffic on the drawbridge and later someone may review it if something seemed out of place. This worked in the past but there are two huge problems with this today.
First, businesses typically don’t operate like that anymore. No longer do we have the one physical stronghold where everyone works. Today we have employees that travel, work from home, work from a remote office or even work out of Starbucks. Add in that a notable part of your infrastructure may not even be at your office, it could be at a remote data center or even provided as a hosted cloud-based service. That means a lot more ports and a lot more traffic to log, going in and out of the firewall.
Second big problem, bad guys don’t follow the rules. Go figure. What that means is even though you intend for port 80 to be used for basic web traffic, it doesn’t mean that a bad guy won’t use it to transfer files even though that is typically is done over port 21. Yes, you may be logging on it, but at it’s fundamental level web traffic is the transfer of files to be read by web browsers. So, how does one differentiate what is happened in the past by looking at a log file? As this example shows, we have a much more complex IT and business landscape today and we know the bad guys won’t follow the standard rules. On top of that, with all that complexity, IT staff has to be correct 100% of the time to keep everything safe, while the bad guys only have to be correct once to get in and do one of the many bad things possible.
This paints a challenging and complex situation but just as business operations and IT technologies have changed, so have IT security tools. If you have any security related IT questions please contact us.