A cyberattack is not an unfortunate thing that befalls unlucky organisations.
No, hackers are equal opportunity attackers – no organisation is immune. When they attack, hackers are a force of nature; a concern that keeps many computer network engineers on edge.
Hackers prey on organisations and steal precious information, which they can in turn sell for a song or hold for ransom.
Hackers are consistently sharpening their tools of the trade – malware – and their techniques, and use them to break into organisations’ data vaults.
To thwart attacks, organisations must first understand the anatomy of a cyberattack and the motive behind it.
An effective strategy for trapping cyber attackers is to know how they think: how they nab their prey and how they siphon off precious data.
Hackers start by stealthily researching their target. They are mainly interested in contacts, especially the email addresses of the top-ranked staff in an organisation.
People who hold prominent positions (the directors, the chief executive officer, IT directors and engineers) are usually the main targets for hackers.
Information about members of the executive branch of an organisation is important because when hackers crack the computer network and send out emails purportedly from the top brass, those emails are more likely to be believed and acted upon by recipients both inside and outside the organisation.
A hacker’s most important weapon is malicious software. They use this software to snoop for fault lines in a company’s computer network.
They then glean as much information as they can sell, or encrypt the data (making it virtually unusable) and demand a ransom before they convert it back to its original legible version.
Sometimes, hackers may also alter or erase sensitive data for other reasons, such as to conceal evidence of criminal activities.
You must be asking why security agents can’t trace the hideouts of the attackers, nab them and make them pay for their crimes.
Nabbing them isn’t such an easy task. They are so smart at covering their tracks that online security sleuths rarely catch them.
To insulate themselves from malicious software, organisations should maintain up-to-date protective software, or a firewall, as it is known in computer lingo.
Another line of defence is regular technology audits. Just as organisations regularly conduct financial audits to ensure that their financial processes are adhered to, they should do the same for their technology systems.
Regular audits, by both internal and external staff, can reveal processes and practices that need to be strengthened.
But one of the most basic yet effective means of protecting an organisation from cyberattacks is training the staff – all the staff – as they contribute the lion’s share of most cyberattack cases.
When it comes to cyber preparedness, the instructive words of Boy Scout movement founder Baden-Powell ring true: “you should always be in a state of readiness …”