No system is unhackable. That is the hackers’ credo. And it is accurate. There is no security system that cannot be breached. The catchphrase these days is “military-grade” encryption. The truth is, the military-grade security system is managed by human beings! It goes without saying that what one human being can do. Another can do better.
The good guys, the IT professionals, and cybersecurity experts are always in the comfort of their offices. They can easily sleep off. However, the bad guys are highly motivated.
So what is hacking and how do hackers do it?
Hacking is a breach of three elements of security – confidentiality, integrity, and availability.
If your governance maturity is high, your company has a document classification policy. In the document, you have records classified as (i) public; (ii) confidential; (iii) privileged access and (iv) highly restricted access. Each company has its own ‘classification’ format and guidelines. A document classified as ‘confidential’ means it is not for public consumption.
If a hacker manages to gain access to such a document, one aspect of your security, confidentiality, would have been breached. Such a breach could be escalated leading to more breaches and loss.
Why is confidentiality critical?
A bank, just like any other organization, thrives on the assurance of confidentiality for its client data. Now imagine a hacker accesses all your customer bank accounts details showing the name of the customer, account name and number, personal details like national ID and photos on file, the contact details like mobile phone and email and next of kin.
With such information, the hacker could do many things to monetize it. They could put the database on the dark web for sale or for bidding. The highest bidder gets the prize. A bank with 20,000 customer accounts details could earn the US $200,000 from a bidder! Why such records are accurate.
Now, the buyer would go on a rampage to make money from this information. This is how:
They may contact clients, one by one. Some are people in high places and could have stolen money and hidden it in the accounts. They may arm-twist them and ask for a ramson! For example, hackers do research. They may find out on your social media profile that one is married with children. However, on their bank account, the indicated next of kin is not indicated in their family profile. The next thing they do is to threaten you to spill the beans that your stated next of kin is not any of your close family or wife and children. You know such information, if it got to your family, could lead to problems. the next thing if you have more than the US $300,000 on your account, you could end up paying half of it to the hacker!
Hackers succeed because leaders think that one must be tech-savvy to compromise your security. That is not true. Hackers use the easiest way to compromise you. Dumpster diving, where someone checks in your rubbish bin for unshredded or poorly shredded documents can help them land on bank accounts. Many data security breaches from homes come from what they throw in their rubbish bins. Next time, don’t go with bank documents at home. If you do, don’t leave them on the table where the house help could throw them in the rubbish bin which the ‘kasasiro’ folks could remove and get you into trouble. Why try to hack into your system using sophisticated technology if everything I need is in your rubbish bin?
In the next articles, we explore the other aspects of security, and a step by step approach hackers use and why they succeed. And later article, we explore how to protect against the hackers.
Copyright Mustapha B Mugisa, 2019. All rights reserved.