Jurica Dujmovic


July 24, 2021, 4:01 p.m. EDT

Computer hacking may never fully go away even with the best new technology — and we may not want it to


By Jurica Dujmovic

IT-management-software maker Kaseya said in early July it had succumbed to a ransomware attack, which exposed data and compromised over 1,500 companies in its database. What’s worse, the real numbers could be higher, making this one of the largest known supply-chain cyberattacks ever.

This wasn’t the first, nor will it be the last, such attack. However, certain details made cybersecurity experts worried: First, hackers used a zero-day exploit, i.e., an as-yet-unknown flaw in the code, to execute their attack. Second, they targeted a company that isn’t as valuable a target as a bank, for example, but has strategic significance due to its connection with the companies it serves.

According to experts, independent hackers are upping their game, employing advanced tools and strategies, acting like elite government-backed hackers, rather than mere criminals.

While I don’t necessarily disagree with this assessment, I can’t help but wonder if these experts have underestimated the global hacker community. Also, it is as if they’re not aware of the state and rapid growth of global data infrastructure.

Globalization and unification

We live in an era in which digital globalization and unification have reached the highest levels in history. In addition to some benefits, this has also brought multiple risks to the table.

One is centralization. Instead of having a decentralized structure that is fragmented across multiple nodes, the data is often stored in a unified system, which means there is a single point of failure. When that system is eventually breached, the attacker can gain access to more information and power than he would have had if he had accessed a walled-off segment of the same system.

This is especially the case with cloud-based services. The growing monopoly power of tech giants and service providers across the developed world is another pain point, as it ensures that a handful of companies provide services to the vast majority of enterprises, which share a unified infrastructure and software backbone.

While it may not be obvious to those less tech-savvy, it’s quite easy even for a newbie hacker to discern what operating system (OS), content management system (CMS), marketing technology (martech) platform or other point of entry his victims use, and what kind of vulnerabilities — if any — exist for the version the victim is currently using.

All that’s left is to execute the attack and cover his tracks.

Social engineering

Finally, one must never underestimate the power of social engineering; this approach is superior to any other as it provides access to valuable information regardless of the failsafes in place. If anything, experience has taught us that no system is impervious to hacking.

This also means that the endgame shouldn’t be to make a system “unhackable.” Rather, the goal should be to limit and mitigate the damage that could result from a possible breach.

Placing countermeasures that make hacking more trouble than it’s worth is a better tactic than enticing hackers with huge vaults of digital treasure. Instead of relying on “good old Windows” or WordPress, one should use lesser-known, or even bespoke, operating systems and software whose exploits aren’t publicly available.

But these investments require knowledge and additional funds, and companies are reluctant, unqualified or unable to make the necessary move.

However, there is more that companies can do to protect their data and network.
