White Hat, Grey Hat, Black Hat Hackers; or as I like to call them, ‘The Mad Hatters.'
• White Hat: The Good Guys! – Check for vulnerabilities throughout the technical scale of networks and Applications. Help you patch your systems, so you don’t get compromised by the other guys.
• Grey Hat: Good guys, with some questionable morals! – Exploit your system, cause havoc, generally for a good reason. Give recommendations on how to fix and patch the things they just broke (use your dev environments.)
• Black Hat: Bad guys for your systems! Hopefully kind to their mothers – Sole purpose of compromising your Data for fun, to cause Havoc, or because they were paid to do so and want to raise your money out of you (see evil.)
As most of you are probably aware (or should be by now), we no longer live in a world where the worst thing you would have to worry about is wars with weapons or Natural Disasters.
Today’s wars are fought in Binary and can cause unprecedented damage to those who are not protected. The ‘Internet of Things’ is a hacker's Playground.
It’s not just Tech companies who get targeted. Any business, whether it be Government, Utilities, Technology Based or Breadmakers (And everyone in between) can and will most likely at some time, become a target for Hackers.
With countries like Korea, Russia & China doing state-sponsored hacking, there has never been a more critical time in history to make sure your data is protected. Data breaches can not only be a costly affair (Sony, Sage and another few to boot) they also have the ability to cripple companies.
With Ransomware attacks taking out critical medical systems in hospitals, you can quickly see what damages these Mad Hatters can do. Hackers have the ability to cripple systems and even regions of the internet that can knock continents off of the world wide web.
In today’s world of never-ending attacks from botnets, Crypto were, Ransomware, worms, Trojans, Zeroday & DDOS attacks and Security backdoor programs, some Government lead (Hi NSA & GHCQ!) it can become daunting for Companies to keep track of all the people trying to gain access to your network and more importantly, your data. Not every company has the luxury of Multiple technical teams to Tackle the big bad IT world. Consolidation, Outsourcing & Economic pressures have caused companies to try and do more, with less. A nice Ideology in theory for saving money; a logistical nightmare on keeping on top of your infrastructure while keeping updated with the latest threats with technology with only a small team, sometimes a single person!.
So what can you do? Would you cope if you got compromised? Would you even know if you had been compromised?
Where do you draw the line? Do you have a Disaster Recovery Plan? Do you have Backups? Have you even tested it since you installed that new San system or moved your data to ‘The Cloud’?
Unfortunately, even in today’s war zone, it’s frightening how many companies I have come across who’s Disaster Plans would have drowned them if they had to rely on them. Missing information, excluded data that shouldn’t have been excluded. Lack of Staff training disjointed departments who don’t talk; the analogy of the left and the right hand not knowing what each other is doing is pretty apt.
The assumption is the mother of all downfalls, remember that. Never assume, Test, Fix, Repeat.
Test your security. Do it in two stages.
Stage 1: Do an internal security Pentest on your apps, core network, test your user's knowledge (Don’t click on that email you wasn’t expecting with the dodgy attachment) Check your Anti-Virus, buy a decent one if you haven’t already! Review the results & Fix, get 3rd party help.
Stage 2: Get an external party comprised of Ethical hackers, (Some grey hats for fun) to test your systems to see how secure you are, its worth the money! It will save you money in the long run. Then patch and repeat test yearly, or after any major change to environment or services.
Also, invest in some really good firewalls!
Best of yet, pick up the phone and call Silverstring on +44 (0)844 8155 805 or fill in the form below and we would be happy to help you protect your networks.