Why Would they Care about Me?
I have heard from a number of clients, "Why me? What would a hacker want with me?".
The truth is a hacker very likely doesn't even know that you exist. The intruder would rarely even know your name, who you are associated with, or what type of business it is that you're in. Unless an internet intruder is specifically out to get You.
The most simplistic and technological method for a hacker to intrude a system is by running an automated search for known vulnerabilities in Microsoft products. Hackers and Microsoft seam to have a little dance they do. A hole is found by Microsoft, they announce the hole exists, the Hackers begin to find ways to exploit the hole. This is in a perfect world too, if the Hackers are the first to find the hole it makes it much more difficult to create a patch for a problem if Microsoft isn't aware the problem exists yet.
Leaving these holes or points of entry for Hackers available is the easiest way for business owners to really be taken advantage of. While Microsoft and Hackers do their little dance, the consumer is still left completely vulnerable. Even after a patch is made, with out having an intelligent IT staff or at minimum a professional vendor checking patch management, these holes could remain open for an elongated time.
I still get asked often, "Why would the Hackers care about my small business." The Hackers do care about Microsoft and other big power house corporations but in reality their chances of breaching one of those companies isn't the best idea. The 'big guys' have the resources to protect themselves with their tools, IT departments, and the funds to afford the protection. Attacking a large company isn't just more difficult, it can also be much more dangerous and have much greater repercussions! A Hacker that attacks a smaller company may very well never be detected and taking over several at a time would serve its purpose in line with penetrating a larger corporation.
"Last year, Microsoft IT said it was the target of more than 100,000 intrusion attempts per month. Currently, Microsoft filters out about 9 million spam and virus e-mails a day out of 10 million received. Yes, that means that roughly 90% of incoming e-mails are spam." - Martin Heller, December 8, 2006 (Computerworld)
Microsoft gets attacked often and as I mentioned before they have the resources to deal with those threats. I recently read an article about the threats Microsoft receives daily and some of the precautions they use. A threat for all businesses is having remote users and one of the most secure ways is through a hardware Virtual Private Network or VPN. Microsoft does use a VPN but also something that is known as sandbagging. Before a connected computer can access any resources on the corporate network, a program scans the computer for security. An approved operating system must be installed, along with all critical security patches and several other security best practices. If the scan finds a deficiency, it attempts to correct it.
"It will update antivirus signatures and force the installation of critical security patches. If the user rejects these updates, the scanner ends the connection. Once the scan has determined that the computer is clean and fully patched, the connection is allowed out of the sandbox and onto the corporate network." - Martin Heller
Do I believe a small business owner needs to sandbag? I think that depends on their needs and what information they have. My point is that without being aware that Yes Hackers do in fact very much care about small businesses!
Now lets keep you protected!
The truth is a hacker very likely doesn't even know that you exist. The intruder would rarely even know your name, who you are associated with, or what type of business it is that you're in. Unless an internet intruder is specifically out to get You.
The most simplistic and technological method for a hacker to intrude a system is by running an automated search for known vulnerabilities in Microsoft products. Hackers and Microsoft seam to have a little dance they do. A hole is found by Microsoft, they announce the hole exists, the Hackers begin to find ways to exploit the hole. This is in a perfect world too, if the Hackers are the first to find the hole it makes it much more difficult to create a patch for a problem if Microsoft isn't aware the problem exists yet.
Leaving these holes or points of entry for Hackers available is the easiest way for business owners to really be taken advantage of. While Microsoft and Hackers do their little dance, the consumer is still left completely vulnerable. Even after a patch is made, with out having an intelligent IT staff or at minimum a professional vendor checking patch management, these holes could remain open for an elongated time.
I still get asked often, "Why would the Hackers care about my small business." The Hackers do care about Microsoft and other big power house corporations but in reality their chances of breaching one of those companies isn't the best idea. The 'big guys' have the resources to protect themselves with their tools, IT departments, and the funds to afford the protection. Attacking a large company isn't just more difficult, it can also be much more dangerous and have much greater repercussions! A Hacker that attacks a smaller company may very well never be detected and taking over several at a time would serve its purpose in line with penetrating a larger corporation.
"Last year, Microsoft IT said it was the target of more than 100,000 intrusion attempts per month. Currently, Microsoft filters out about 9 million spam and virus e-mails a day out of 10 million received. Yes, that means that roughly 90% of incoming e-mails are spam." - Martin Heller, December 8, 2006 (Computerworld)
Microsoft gets attacked often and as I mentioned before they have the resources to deal with those threats. I recently read an article about the threats Microsoft receives daily and some of the precautions they use. A threat for all businesses is having remote users and one of the most secure ways is through a hardware Virtual Private Network or VPN. Microsoft does use a VPN but also something that is known as sandbagging. Before a connected computer can access any resources on the corporate network, a program scans the computer for security. An approved operating system must be installed, along with all critical security patches and several other security best practices. If the scan finds a deficiency, it attempts to correct it.
"It will update antivirus signatures and force the installation of critical security patches. If the user rejects these updates, the scanner ends the connection. Once the scan has determined that the computer is clean and fully patched, the connection is allowed out of the sandbox and onto the corporate network." - Martin Heller
Do I believe a small business owner needs to sandbag? I think that depends on their needs and what information they have. My point is that without being aware that Yes Hackers do in fact very much care about small businesses!
Now lets keep you protected!
Comments