The fear of hackers is increasing
Digital attacks on businesses have steadily increased in recent years. Many Norwegian businesses, and especially critical agencies, have come to know it well. Norwegians have also experienced it privately. We have to be much more observant of small attempts through strange SMSes, funky emails and strange inquiries on social media.
Having to face so much unforeseen and unknown can create frykt. Therefore, we will make some recommendations to remove the fear. And what removes fear best? We think there is good information and answers as to why you should do the things we recommend. So that you get a better understanding of what we are working towards in the digital world.
We start at the bottom and work our way up, so if you know a little from before you can just scroll down. If the terms are a bit new to you, we recommend reading the entire article.
What is a hacker?
Most people think of a hacker as a dark figure in a Finnish cap who sits behind a screen and clicks several hundred keys a minute. At the same time, they may send you an audio file with threats and demands for how you can stop the attack. Such hackers certainly exist, but they probably mostly belong in action films.
We describe hackers as digital thieves. At home in your house or at work, you would like to have a snap lock, each your own code to enter, access card and alarms that automatically go on and off. There are good measures to prevent thieves from breaking in to steal expensive equipment or valuable products. Hackers, on the other hand, don't need a crowbar, hammer or any tricky keys to get in. If you have an unsecured Wi-Fi solution in the office that all employees use, then the door is open. Then they can steal all the information about your people, all the information about the workplace they find and much, much more.
Who are hackers?
Hackers can be anyone who understands how IT equipment and IT solutions are built, and who has learned how to penetrate your Wifi, your firewall, your password solutions or whatever you work with. Anyone can learn how to hack via YouTube. That is probably what causes extra great fear for many.
What is the goal of hackers?
The goal of hackers is often to make money, but they don't always make money from the information they get from you or your company. They make money because that information is often valuable to you. Their goal with each and every attack attempt is to get the ransom. If, on the other hand, you are sitting on information that also has public value, such as social security numbers or other data they can sell on, then it is also automatically valuable to them.
Why are hackers after me?
Just like the mosquito (everyone has greeted it this summer, right?), hackers usually choose their victims arbitrarily. Anyone can experience it. Large and small. The exception is often in warfare or if they are looking for specific information.
Of course, there may be reasons why they have chosen precisely that you. Your company may have products and services of interest, information they want to get their hands on, or they are attacking you to get to another major player with whom you cooperate, and you became an easy victim in the hunt for security holes for the next victim.
How does a hacker work?
Hackers can be employed somewhere or in an organization that does hacking full time or they can be people who just do it for fun. Some do it because they set themselves small tasks, while others do it to make easy money from people who are put in a difficult situation.
What does it mean when people are a "white hacker"?
A "white hacker" is a hacker who works with hacking to reveal security holes so that the company they work in or customers can fix these holes. A white hacker is supposed to think like those with the Finnish hat, but does not carry out the theft. After the attack has been carried out, the white hacker tells where the security holes are and how to close them.
Is hacking illegal?
Yes, it is. Unless you have on paper that you are going to carry out a hacker attack to contribute to companies' security, you are obtaining information and access to data without justification. In Section 201 of the Criminal Code, we can read that actions such as those we describe above are punishable by a fine or imprisonment of up to 1 year.
So to the most important question: How can I or we avoid being hacked?
How to secure yourself as a private person:
- Download an Authenticator app for your mobile and use two-factor where you can, social media, email, etc.
- Have a conscious relationship with how you create passwords and how often you change passwords. Learn more about password hygiene here
- Keep in mind that what is posted on the internet very often stays there
- Email is the way most things are spread, so be skeptical of unknown senders. Ask an expert once too often, rather than the opposite
- Have some form of security software on the PC, as a private person you often get access to this, for example through an internet provider or online banking
How to secure yourself as a company:
- Use two-factor authentication to protect user accounts, especially those with administrative privileges
- Keep track - what you don't know about, you can't do anything about
- Protect the systems against malicious code, and have security software on clients and servers
- Update systems regularly - serious vulnerabilities abound every day
- Set up the systems according to the manufacturer's recommendations, but also with safety in mind as well as making it work
- Email is often the starting point for attacks, so filter traffic and train your staff to spot fake emails. Braathe offers digital security training in CYBR
- Make a plan for what to do if something happens
Do you want experts on the team?
Couldn't you check off the whole list? We know that there are many employees out there who wear several hats in their day-to-day work. Often, the IT hat can be a little too small or only be on standby when the e-mail is down. Unfortunately, there is usually no quick fix to achieve comprehensive and good security, - often the picture is complex and it requires time and resources to stay up-to-date and stay ahead of the curve. We have people working on this full-time and we collaborate with leading players in the IT security industry.
We can assist with guidance, in everything from value assessment of information, risk assessment with potential threats to your company, to the delivery of equipment or software to protect the vast majority of parts of the infrastructure in data centers and in the cloud. Good luck with the security work. We hope your fear of hackers subsides little by little!