(Ping! Zine Web Hosting Magazine) – A security expert with access to a detailed archive of hack attacks from the last eight years has highlighted the similarities between cybercriminals and business owners and urged bosses to understand the risks they face if they ignore the increasing threat from the underground cybercrime community.
Alberto Redi, founder of Zone-H and partner at Swiss company Security Lab, said: “The real reason for proper hacking, especially for highly-skilled hackers, is money – the strongest motivation in the world.”
Redi issued the warning in an interview with hosting specialist UKFast as part of the Manchester firm’s focus on global Cyber Security Awareness Month in October.
Redi, whose website Zone-H archives hacking incidents, has worked in cyber security for more than eight years, observing the evolution of hackers and their motives. “In recent years I have seen the complete process of ‘hacking-for-fun’ evolve into ‘hacking-for-money’,” he says.
“If you look at the Zone-H statistics it is clear to see that the main reasons behind most low end attacks are ‘just for fun’ or for political reasons. In this case we are talking just about defacements, which can be considered as kindergarten.
“These ‘script-kiddies’ make a lot of noise and occasionally do cause serious damage, but skilled hackers go one of two ways. If they don’t become security professionals, they are likely to join criminal organisations ‘underground’ where they become even more dangerous because we no longer hear them coming.”
He warned that everyone should take heed of cyber security warnings as we are all vulnerable.
“Everyone is at risk and everyone should remember this to help ensure a more cyber secure world. Why are people leaving their homes with their front door locked but surfing the web with an obsolete antivirus and no firewall?”
Despite the increasing frequency of high-profile cyber threats, awareness levels are still surprisingly low. “The change that has to be addressed NOW is to increase public understanding at first, which will then have an impact on the levels of overall corporate awareness,” he said.
“We see the threats and attacks that happen online in the press every day and people read these with curiosity, but it’s still not enough to make the public think carefully.
“The Stuxnet worm [a virus found last year to be targeting Iranian nuclear plants, sending many of the centrifuges at Tehran’s nuclear facilities spinning out of control] is expected to mutate to a second version. Is that not enough to make people take notice of the threats out there?”
Redi reiterated the importance of prevention rather than a cure once a business has been compromised. “If a business has been hacked it is too late. The only thing that you can do is to report the attack and try to fix the problem with well-known security specialists. The ‘do-it-yourself’ route in the security world is not a good idea.”
Redi’s top five cyber security tips are:
- Awareness [know the threats that you are facing]
- Patching [software or updates to fix problems and bugs – including fixing security vulnerabilities]
- Tools [that help the application of a patch]
- Auditing [evaluate the strengths and weaknesses of a cyber security strategy]
- DO NOT do it yourself!
Download UKFast’s report Data Security – Protecting Your Profits: http://www.ukfast.co.uk/data-security-protecting-your-profits.html