In light of recent, highly publicized hacks on Target, Home Depot, and celebrity iCloud accounts, people are wondering if hackers are evolving more quickly than our cybersecurity methods.
Not so, says cybersecurity expert Michael Ricotta of Blue Fountain Media Development. We’re just bad at using the security measures already at our disposal to protect our data, he says.
“Many of the hacks that are happening are the result of being too careless,” Ricotta told Business Insider. “Hacking is not something that is done by some guy wearing a cloaked hoodie hiding in some corner who knows more than anyone else in the world … There are people who have an understanding of how computers work and are able to find where people who don’t know how computers work are improperly handling their own system.”
One way people make themselves vulnerable is by having a weak password. Some hacks are brute-force attacks that use publicly available data to hit servers with different password possibilities. People who use obvious passwords are “basically leaving the key to their front door under the doormat,” Ricotta said.
Hacks that target debit and credit card data look for other vulnerabilities.
In some cases, big companies provide access to their systems to third-party contractors who might not have the proper security systems in place. This could compromise customer data from that company.
That’s what happened in the case of the Target hack. The retailer traced the hack back to network credentials stolen from a third-party refrigeration, heating, and air conditioning subcontractor, according to security blogger Brian Krebs at KrebsonSecurity.com.
Once the Target hackers had the company’s network credentials, they could access Target’s payment system and upload software that would lift card information.
“[Companies] are providing access to their systems to unskilled employees who may not have the proper protocols and the proper security systems to actually secure their own environment,” Ricotta said.
Sometimes, putting the right security protocols into place involves restructuring the way people do things within a company or organisation. That could be costly and take time.
“The protocols are there. Are they being followed, are they sufficient? I would say they’re sufficient and I would say they’re not being followed,” Ricotta said. “The difficulty is how do we straddle that dynamic and decide which way to go.”
What people and companies should take from these recent high-profile hacks is that everyone should be diligent in protecting their personal information and the information of their customers.
“You have to very much take into account the same sort of mantra, which is I am responsible for myself and the information I provide the world,” Ricotta said. “We really have become a society where dating is done online, your groceries are done online, everything is done online. You’re releasing more information out there and there are more vulnerabilities.”