Companies are constantly on the radar of cybercriminals. In the summer of 2015, some of the most prestigious law firms in New York, like Weil Gotshal & Manges and Cravath Swaine, found themselves the targets of a cyber attack.
Partners were tricked into providing their email passwords to a trio of hackers in China, allowing them access to sensitive information on upcoming mergers. From computers halfway across the globe, the cybercrooks traded the stolen data for $4 million.
Being a victim of espionage could immensely tarnish an organization’s reputation as a keeper of clients’ secrets. It may be a hard pill to swallow, but this news alone should be enough of a wake-up call for businesses around the world to secure their information from cybersecurity threats.
As one of the top banks in the Netherlands, ABN AMRO faces a regular onslaught of cyber attacks – everything from ransomware viruses and denial of service to threats against internet banking customers. As a defense, the company has piloted an effective program, building an entire CISO department dedicated to assessing risks and securing all bank transactions.
Here’s how they have been so successful:
The greatest weakness in an application’s security is neither insecure cryptographic storage nor cross-site scripting – it’s the employees (internal) and the users (external). There are various avenues to reduce the massive security threat that humans represent.
Train employees, inform users, update policies, and push them to go through multiple levels of authentication. All these efforts are a worthwhile investment considering that hackers are employing increasingly effective phishing scams to victimize more people.
In an ideal world, you would have all the money that you need for building foolproof security infrastructure. Since most companies, especially start-ups, have limited budgets for protecting applications, becoming invulnerable to cyber attacks is nearly impossible.
A multi-step verification process may significantly increase safety, but it could make the application less usable for its users. Instead, focus on understanding weaknesses and developing network security accordingly. A good way is to invest resources in detecting fraudulent activities in case a hacker gains entry.
It may sound counter-intuitive, but hiring actual hackers to break into your network could be the most effective way to get the right solutions. In fact, there’s an entire field of experts who specialize in exactly this kind of work. Ethical hacking is a thing, and you can get these security consultants to test your company’s protocols.
The fact remains that any weakness can be exploited by hackers. Your best defense is to stay ahead by finding out where your vulnerabilities lie and making the most out of your available resources to build security.