Security rule No. 1: Assume you’re hacked

Jul 13, 2010 | Industry News

Always assume you are hacked! Below is an excerpt from an article by Roger Grimes, Security Adviser for InfoWorld Security Central:

A recent Forbes magazine article advised readers to assume that their companies have been hacked. Some readers have asked me to weigh in, and here’s my assessment: The article is slightly hyperbolic, but all in all, it’s a pretty accurate assessment. Most companies are actively hacked, and their sensitive data is being stolen and leaked to outsiders.

Many readers might find such statements inaccurate and unsupported, and they may wonder where is the documented evidence to back up these gross claims. True, there is no survey data to prove the conclusion. Surveys and interviews can only measure known hacking incidents; it’s hard to measure the known unknowns. But in this case, there is strong anecdotal evidence.

Every company I’ve dealt with has had dozens of big security vulnerabilities. The IT employees that I interview admit that their company’s defenses are unevenly applied and that they know of many more major security holes that I haven’t found in my limited review. Rarely are these security issues new; most are several years old and well known by IT management.

There’s a chance that your company is not hacked, but in today’s uber-active crimeware environment, it’s unlikely. If you aren’t hacked, you’re either extremely good (with full management support and resources) or lucky.

[read the full article]

Image courtesy flickr user purpleslog via CC 2.0

Sonicwall Cyber Threat Report

By Mary Grlic Sonicwall’s recent mid-year cyber threat report details the danger of cyberattacks in 2022. With cyber threats becoming an increasingly concerning risk, Sonicwall’s report is especially important. Understanding these sorts of threats can help businesses...

Suffolk County Suffers Cyber Attack

By Mary Grlic Suffolk County in Long Island, New York, is dealing with an ongoing “cyber intrusion” (as deemed by officials) after a hacker infiltrated the network. On September 8, 2022, the county legislature had to shut down their devices in response to a ransomware...

CosmicStrand Rootkit Virus

By Mary Grlic Researchers recently uncovered a major security concern: a UEFI-based rootkit virus. Coined “CosmicStrand” by cybersecurity company Kaspersky, the rootkit can implant viruses on the most basic software of a computer (UEFI). This makes it extremely...