Most hackers breaching networks are looking to steal anything they can monetize, such as PII, cardholder data, or information they can sell.
Other hackers just want to watch the world burn.
The U.S. Department of Energy (DOE) announced that it has been successfully hacked 159 times in the last 4 years. That’s almost a hack a week.
The DOE was the target of a total of 1,131 cyber attacks from 2010-14.
Out of 159 successful entries, 53 were root compromises, meaning that the intrusions gave attackers administrator-level privileges to the most hush-hush of information.
So what’s the worst-case scenario here?
We’ll leave it to your imagination what those who potentially hold sensitive data about America’s energy labs, power grids, and the nuclear weapons stockpile could do.
“The potential for an adversary to disrupt, shut down (power systems), or worse … is real here,” said Scott White, Professor of Homeland Security and Security Management and Director of the Computing Security and Technology program at Drexel University, speaking to USA Today.
How Could This Happen?
It’s natural to wonder how the DOE got breached that often in the first place. The truth is, it’s really nothing out of the norm. The bigger your organization, the bigger and more attractive a target you become. During peak seasons, it’s common for large conglomerates to get attacked thousands of times a day.
You could defend your network against hundreds and thousands of attacks, but all it takes is one hacker slipping through the cracks to bring your whole castle crashing down.
Relying only on a perimeter-defense approach to IT security simply isn’t enough anymore.
How Do I Stay Secure, Then?
A common practice, and one that we expect the DOE to have already taken, is to isolate anything sensitive from the internet.
Any system you are storing sensitive information on should not have access to the internet or be part of any network. No way out means no way in; even if your network is breached, the hacker would have no access to any of the really precious stuff.
However, it’s rarely ever that simple. The sensitive data on your isolated systems tends to find its way into your network, which can spell big trouble.
Staff mistakes or funky network setups might lead your data back into circulation. And the biggest problem with this is, if it happens, chances are everyone will be none the wiser. For all you know, your network might be a goldmine of sensitive data you’re not even aware of.
Data security tools like Ground Labs’ Enterprise Recon help in making that unknown threat known.
Scan your network for anything sensitive, and then take action to remove those threats.
After that, it’s just a matter of constantly monitoring your network with routine scans, to make sure that no new threats are introduced.
If government bodies with million-dollar security budgets can’t keep hackers out, don’t be too confident about your chances of doing the same. Take every precaution necessary to make sure that you are not the next big data breach headline.