Who's Afraid Of The Big, Bad Hacker? Enterprises Should Be

Guest author Marcus Austin is a technical writer at computer security training firm Firebrand Training.

Among the more popular products to debut at last month's Consumer Electronics Show (CES) in Las Vegas were cross-over machines, tablets and PCs designed for double duty - to be used at home and in the office.

The shift towards BYOD (Bring Your Own Device) in the enterprise is unstoppable. Employees are happier - and more productive - when they're able to use their own computers. Unfortunately, computers that travel from location to location (often left in places where they can be stolen) can be an easy vehicle for hackers to get into corporate networks.

Only The Paranoid Survive

Like many industry innovations, BYOD offers as much opportunity for wily cyber-thieves as it does for corporate efficiency. Unless enterprises ratchet up their level of vigilance, 2013 is poised to become the most destructive year on record. That will play out in four main areas:

1. Mobile. Experts warn 2013 will be a banner year for mobile malware. Smartphones and tablets running Google's Android operating system will be hardest hit because of both its openness and the relative ease of adding apps. Historically, Windows machines presented the one target too big for hackers to ignore, and attacks on Windows PCs increased three-fold last year. But this year the action will expand to Windows 8 tablets. Out-of-the-box security features in Windows 8 make hacking harder. So many hackers are shifting their tactics to old-school methods like phishing and other techniques that rely on social engineering of users instead of hacking the code itself.

2. Political. Most hackers are simply greedy. But an increasing number are motivated by politics. They want to bring down organizations or businesses they deem offensive. Some of these politically motivated attacks have aims that can be more subtle than just destroying data or interrupting service. The New York Times recently discovered that Chinese hackers had penetrated its computer systems for four months, seeking information on an investigation into the wealth of a top Chinese leader and his family. The hackers eventually obtained the passwords of all Times employees, and used them to break into the PCs of 53 employees. A day later, The Wall Street Journal reported a similar attack.

3. New Gateways. HTML 5, the latest version of the HTML standard, allows users to personalize their browsing experience, and lets businesses build browser-based applications. But reducing the layers of technology between the browser and internal systems removes obstacles for would-be hackers. As businesses make greater use of popular social networking sites like Facebook and Twitter, hackers can gain access to personal data that can be used for phishing or other "social engineering" attacks. And there's also the potential for corporate networks to be infected by malware from social networking sites.

4. Hacking-as-a-Service? Believe it or not, hackers are providing suites of sophisticated tools so that even casual criminals can mount credible cyber-attacks. The availability of user-friendly hacking tools has the potential to expand the hacking universe by an order of magnitude.

Forewarned Is Forearmed

Remedies are available. Greater password security, network access restriction, firewalls, and abundant redundancies are some of the steps that can help prevent attacks. These are fixes for gaps in a system's hardware and software that businesses created themselves, because the systems were poorly designed or were not thoroughly tested.

The best way to thwart a would-be criminal hacker is often to hire an "ethical hacker" to design new applications and test them as well as the system as a whole. It turns out that the most effective way to counter a hacker's attacks is to provide him or her with a worthy - and human - opponent.
