Hackers gonna hack - why breaches are inevitable


Celebrity stories, though they do not materially affect businesses or the general public, will always make headlines. But potentially less salacious stories are often relegated to the background, if they are reported at all. The fact is that data breaches and hacks can be catastrophic, as we have seen in the cases of Code Spaces and Zendesk.

It may be time to accept that data breaches are an inevitable part of today’s business world. Here are just a few of the security stories that have hit the wires over the past few months:

  • Celebrities had their private storage accounts hacked and contents stolen.
  • Big companies like Home Depot, Target, Goodwill and others reported significant data breaches.
  • Municipal health services and private health systems had sensitive HIPAA-protected data compromised.
  • JPMorgan Chase and other major banks investigated major breaches that may have compromised millions of credentials and accounts.

Those are just the ones we hear about. 

Attacks are not restricted to large corporations: hackers are going after small businesses and individuals in addition to multi-national companies. What more can we do to protect ourselves?

Infosec is like an arms race and, right now, the hackers are winning. Driven by greed -- some stolen records can be worth over $50 each on the black market -- and the fact that stolen credentials are often invalidated within days if not hours of being stolen, the bad guys are strongly motivated to move quickly, adapt and evolve their attacks. In contrast, many of our defenses are antiquated, IT resources are stretched thin and the various security regulations are ever more complex and byzantine.

As more and more businesses move to the cloud, the number of potential vulnerabilities multiplies. Today, we have unprecedented flexibility in how and where we access information and applications. We may be in a coffee shop, airport, home or simply in a park with public wifi access. We may be accessing the app through any number of different browsers. With the rise of cloud computing, the browser has become a critical business application. And it’s not safe.

The browser is the weakest link in any security effort because even a ‘secure’ browser’s protection is built on a house of cards. A vulnerability anywhere in the stack -- malware on the user’s machine, phishing attacks, man-in-the-middle attacks -- can leave you open to compromise. One way you can address browser security is to outsource it to specialists and draft an incident response plan.

With the browser protected by a service like Silo, there is no more trying to keep up with patches or scanning for malware or evil twin networks. By outsourcing browser security -- the weakest link in any cyber-defense plan -- you free up time and resources to address vulnerabilities on other attack surfaces.

Hackers are gonna hack, that’s what they do. But by taking the browser out of play as an attack vector, you can make their job much, much more difficult and focus on keeping your data safe.