Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/18/2017
01:45 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

7 Common Reasons Companies Get Hacked

Many breaches stem from the same root causes. What are the most common security problems leaving companies vulnerable?
Previous
1 of 8
Next

(Image: Wk1003mike via Shutterstock)

(Image: Wk1003mike via Shutterstock)

Businesses suffering from security breaches span all sizes and industries, but they often make the same mistakes. Many cyberattacks in 2016 could be attributed to similar root causes.

To be fair, security pros continue to face the same challenges, explains Diana Kelley, global executive security advisor at IBM. The most common causes behind major breaches can be grouped into two categories, she says: humans and hygiene.

The human factor relates to employees' behavior and how they interact with enterprise systems. Cyber hygiene refers to how businesses keep their systems patched and updated.

Each of these broader terms encompasses several bad practices, mistakes, and overlooked steps that contributed to security breaches in 2016. What were some of the most common reasons companies got hacked last year? Read on to find out.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
kevinmn
50%
50%
kevinmn,
User Rank: Apprentice
1/18/2017 | 8:58:57 PM
Company Hack
well! in my point of view, there are many reasons that a company may be hacked. It's a long war between companies and hackers. When you look at why people are still getting hacked or breached, I think a big contributor to that is either not knowing if you were patched or if you were patched and you were secure at one point, but something happened in operations that caused you not to be patched again
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
1/23/2017 | 11:45:00 PM
Re: Company Hack
Agree! And when people do something silly like not changing passwords, leaving ports open or not setting expectations of users the problem is only compounded. There was a recent Ponemon study, for instance, that found 62 percent of respondents were pessimistic about their ability to prevent the loss of data contained in printer mass storage and/or printed hard copy documents. They gave reasons for their feelings. You can read the rest of the blog here. It's a bitly: /2cFfLM2

--Karen Bannan for IDG and HP
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/24/2017 | 8:30:40 AM
Missing #8: Being a target
While these are great examples of *how* a company can get hacked, one of the biggest *whys* in my experience -- and perhaps a more powerful "security" flaw than any of those listed here -- is being a big target in the first place.

Consider Sony, which sued a 13-year-old hacker for modifying his PlayStation.  In the wake of the PR disaster that followed, the company and its PlayStation Network suffered countless mega-hacks.  In choosing to listen to the legal department without properly taking into account any counterbalancing viewpoints erring on the side of risk management, Sony may as well have painted a big red target on its back and announced to the world, "Open for hacking!"

Less notoriously, consider the University of Virginia hack a couple years ago that was traced back to Chinese operatives.  The only information, apparently, that the hackers wanted was in relation to two particular employees.  Employing these two high-interest individuals was enough to bring U-Va. within the crosshairs of nation-state hackers.

Flaws are flaws.  Everybody has security flaws.  But there is something to the idea of security by obscurity.
Navrit
50%
50%
Navrit,
User Rank: Apprentice
1/25/2017 | 6:02:08 AM
Re: Missing #8: Being a target
This article is d 'Une grande importance Parce Que pour moi la sécurité de nos Données is a première et essentielle commentaire réussir in the sauvegarde de nos informations et d' eviter tout tracas et perte de Données.  
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/26/2017 | 11:23:04 AM
Re: Company Hack
@kbannan: Interesting point, considering that German and Russian government entities have reportedly gone back to typewriters in some instances to increase data security on particularly sensitive matters.

What this comes down to is M&M security (hard on the outside, soft in the middle) vs. holistic security throughout.  The locks on my office door are probably easy to bypass for someone wilful enough.  But the lock on my office safe presents a new and harder challenge.  If I don't have that safe or don't use that safe, however, then a bad guy just needs to get past my office door.

The same principle applies equally among both physical security and cyber security, of course.
Redhat62!
0%
100%
Redhat62!,
User Rank: Apprentice
1/27/2017 | 12:45:19 PM
Password? Really?
What evidence exists that default non-unique, or weak passwords are a common reason?
VesnaE29
50%
50%
VesnaE29,
User Rank: Apprentice
1/28/2017 | 10:10:34 PM
Reasons why companies get hacked
Here is an admission of guilt - I used to hack when i was in my 20s and when I thought it was fun slipping trojans into peoples emails, running port scans and checking for open telnet ports.  It was kind of, well, fun and exhilareting to do something others didn't know how to do.  What that makes you realise is that people are well, lazy when it comes to securing their data.  People fail to realise what their data is worth to someone else, period.  And to be honest here, social engineering never, ever seems to fail.  You can have 10 firewalls sitting around your data and have a DMZ inside the DMZ, but all it takes is for a person to off handedly mention an IP address you can use, or a password for a device that allows you to get onto another advice and then get to that dbase that holds the information you want to access.  The way I see it, educating people is the ONLY way to go.  Teach people how to write good codes. Teach them how to recognise corrupt codes. Teach them to keep their egos in check and not just broadcast information about secure data to others, because that exposes them to social engineering risks.  Education and more education is the key.  I don't think it will ever stop hacking and cyber attacks because there are a lot of curious people out there, but at least it will minimise the damage when data security breaches and thefts occur.   
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29430
PUBLISHED: 2021-04-15
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it mak...
CVE-2021-29431
PUBLISHED: 2021-04-15
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform a...
CVE-2021-29432
PUBLISHED: 2021-04-15
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
CVE-2021-29447
PUBLISHED: 2021-04-15
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has be...
CVE-2021-30245
PUBLISHED: 2021-04-15
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to ...