How Hackers Turn a Profit with Your Data
Hackers are in it for the money, don’t become a source of revenue
By: Frank J. Ohlhorst
The potential for profit drives many malicious activities, and data theft ranks right up there at the top. Take for example your personal data that is stored across various systems and accounts, which can have all sorts of value to those looking to make a quick buck. Hackers have long targeted personal data as a means to garner access to all sorts of things, ranging from bank accounts, to credit cards, to access to additional systems.
Surprisingly, most users make it all too easy for a hacker to access that data, and the attacks hackers use do not have to be all that sophisticated. Cracking passwords, or using phishing schemes, or even good old social engineering is all it takes for most hackers to gain access to data. That said, hackers do focus on targets of opportunity, in other words they seek the biggest rewards from the least amount of work and target the equivalent of the low hanging fruit of cybersecurity.
For most, that translates to easily compromised accounts and passwords are a prime target, yet so few go through the appropriate steps to protect their credentials. That makes PCs and web applications easy pickings for hackers looking to harvest data. For the hacker, elements such as social security numbers, credit card numbers, bank account numbers, and so forth have intrinsic value. Data such as that can easily be sold on the dark web, used for identity theft, or even used to create unauthorized credit accounts or make purchases. What’s more, hackers have very little chance of being caught, and it could take years to undo the damage caused.
So, the question remains, “why do users make it so easy for hackers to be successful?” It is an issue that can be attributed to both ignorance and technology. Ignorance in the fact that end users are unaware that there is better technology available to make it near impossible for accounts to be compromised.
One of the first steps in making accounts hacker resistant comes in the form of replacing traditional user name/password challenges (credentials) with something more robust. In other words, implement another layer of security, which prevents someone that knows your credentials from logging into to a system or application.
The most direct method to accomplish that extra layer of security comes in the form of Multi-Factor Authentication (MFA), where more than just a username and password is required to access a system or application. MFA supplements the username/password authentication challenge by adding an additional element. In many cases, MFA looks to combine something you know (name and password) with something you possess (such as a secret code transmitted to your smartphone or a random number generator on a key fob).
For many, MFA has been a technology perceived as far too difficult to deploy. However, those same individuals have failed to pursue the needed due diligence to keep critical business applications secure and have also failed to acknowledge how MFA has evolved. What’s more, prices on MFA have come down, and ease of implementation has increased - all thanks to the cloud.
Case in point is Kaseya AuthAnvil, which brings full MFA to fruition using easily integrated technologies, which also offesr the benefit of supporting single sign-on (SSO) and user management, both of which should quell any concerns of increased help desk activity, while also increasing security.