7 Common Reasons Companies Get Hacked
Many breaches stem from the same root causes. What are the most common security problems leaving companies vulnerable?
Businesses suffering from security breaches span all sizes and industries, but they often make the same mistakes. Many cyberattacks in 2016 could be attributed to similar root causes.
To be fair, security pros continue to face the same challenges, explains Diana Kelley, global executive security advisor at IBM. The most common causes behind major breaches can be grouped into two categories, she says: humans and hygiene.
The human factor relates to employees' behavior and how they interact with enterprise systems. Cyber hygiene refers to how businesses keep their systems patched and updated.
Each of these broader terms encompasses several bad practices, mistakes, and overlooked steps that contributed to security breaches in 2016. What were some of the most common reasons companies got hacked last year? Read on to find out.
Certain risks will stay strong unless businesses change their behavior, says Kelley. Injections, which she explains are a popular attack vector, have been a known vulnerability type for fifteen years. They will continue to pose a threat to businesses in 2017.
With injections, the problem isn't coding, she explains, but a lack of understanding among developers on how to validate input. They need to understand what the vulnerabilities are, code robust software, and test it before deployment.
By testing code, businesses can remove vulnerabilities before deploying apps and software, says Kelley. IT and security pros can help developers by providing education and giving them tools to establish apps before they're launched.
Amit Klein, vice president of security research at SafeBreach, cites source code exposure as a popular and dangerous vector of attack. He notes the Yahoo breach is an example of what can happen when source code is left unprotected.
Yahoo used a weak algorithm to generate session cookies, he explains, which enabled hackers to predict the value of cookies Yahoo assigned to their clients. By creating their own cookies, they could bypass password protection and pose as legitimate users. This enabled them to perform actions and gain information on behalf of other people.
Source code should be protected, says Klein. If exposed, it becomes "instrumental" in mounting an attack because hackers can find and exploit weaknesses.
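The session cookie weakness described above can be illustrated with an added example (not code from the article, Klein, or Yahoo). The weak scheme, the `SessionStore` class and the `is_derivable` audit check are all constructed for illustration; the point is that a cookie computed from guessable inputs can be recomputed by anyone who learns the algorithm, while a random server-side token cannot.

```python
import hashlib
import hmac
import secrets


def weak_session_cookie(username: str, login_time: int) -> str:
    """Constructed weak scheme: the cookie is a pure function of guessable inputs."""
    return hashlib.md5(f"{username}:{login_time}".encode()).hexdigest()


class SessionStore:
    """Hardened form: random tokens whose only meaning lives in server-side state."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> username, so a store leak exposes no live tokens

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = username
        return token

    def lookup(self, token: str):
        """Return the session owner, or None for unknown or forged tokens."""
        return self._sessions.get(self._key(token))


def is_derivable(issue, username: str, login_time: int) -> bool:
    """Audit check: does issuing twice with the same public inputs give the same cookie?

    True means knowledge of the algorithm alone is enough to mint a valid cookie.
    """
    first = issue(username, login_time)
    second = issue(username, login_time)
    return hmac.compare_digest(first, second)
```
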
Neglecting to change default passwords and login information is an underlying issue in massive DDoS attacks, says Kelley. Many attacks, like the one caused by Mirai malware in 2016, take advantage of users employing default usernames and passwords.
The risk will grow as more devices connected to the Internet of Things enter our homes and businesses.
For enterprise users, this idea applies to Wi-Fi access points, routers, and all vectors where hackers can exploit vulnerabilities. If a business has the same password on multiple devices, access to one means access to all. To maximize protection, businesses must employ complex passwords.
"We need to get better at not just changing passwords," she says. "You need to make sure you're using passwords that are strong and unique."
The lack of a proper patching strategy within an organization can leave it wide open to attack, Kelley notes.
If an enterprise fails to apply patches issued by its software vendors, the enterprise is at risk because a known flaw can then be exploited by an attacker and result in a data breach, she says.
Phishing has been, and continues to be, a huge issue for businesses in terms of opening themselves to breach exposure, says Kelley. The risk of ransomware, which is often attached to phishing emails, has skyrocketed.
Companies need to learn how to respond to the rise in social engineering and phishing attacks. They can do this by educating users who interact with the systems and teaching them to recognize suspicious content and use strong passwords to protect their accounts.
A common problem among last year's breaches was poor control over exfiltration, or data leaving the business, says Klein. In last year's Department of Homeland Security/FBI case where a hacker claimed to have stolen staff data, for example, the people leaking 200GB of files should have been detected, he says.
It's important to ensure outbound data has a trusted destination, he explains. In many cases, unsanctioned traffic was leaving the organization and going to a place with a low or non-existent reputation. Improved monitoring would have detected this activity and raised a red flag.
Klein anticipates exfiltration will be a top problem in 2017 and is a promising area for additional security measures.
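One way to express the outbound monitoring Klein describes, as an added example that is not from the article or from SafeBreach. The flow records, hostnames, allowlist, reputation scores and thresholds are all constructed assumptions; the logic totals outbound bytes per source and destination and alerts when the destination is unsanctioned and has low or no reputation.

```python
from collections import defaultdict

# Constructed sample outbound flow records: (source host, destination domain, bytes sent)
FLOWS = [
    ("ws-014", "backup.corp.example", 4_000_000_000),
    ("ws-014", "files.unknown-host.test", 900_000_000),
    ("ws-014", "files.unknown-host.test", 1_300_000_000),
    ("ws-022", "cdn.vendor.example", 35_000_000),
    ("ws-031", "paste.lowrep.test", 2_000_000),
]
SANCTIONED = {"backup.corp.example"}  # destinations the business has approved
REPUTATION = {"cdn.vendor.example": 85, "paste.lowrep.test": 10}  # 0-100; absent = unknown


def flag_exfiltration(flows, sanctioned, reputation,
                      min_reputation=50, volume_threshold=1_000_000_000):
    """Return alerts for outbound traffic to untrusted destinations.

    Bytes are summed per (source, destination) so a transfer split into many
    smaller flows is still judged on its total volume.
    """
    totals = defaultdict(int)
    for src, dst, sent in flows:
        totals[(src, dst)] += sent

    alerts = []
    for (src, dst), total in sorted(totals.items()):
        if dst in sanctioned:
            continue  # trusted destination, large volumes are expected here
        score = reputation.get(dst)
        if score is not None and score >= min_reputation:
            continue  # unsanctioned but reputable; left to other controls
        reason = "no reputation" if score is None else "low reputation"
        severity = "high" if total >= volume_threshold else "low"
        alerts.append({"src": src, "dst": dst, "bytes": total,
                       "reason": reason, "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in flag_exfiltration(FLOWS, SANCTIONED, REPUTATION):
        print(alert)
```
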
Cyberattacks are multi-faceted in nature, Klein says. Businesses also need to be on alert for infiltration, or the lateral movement hackers use to access the crown jewels of a business.
Attackers are adopting more diverse and advanced techniques, from installing malware to social engineering, to accomplish this. They're targeting well-chosen victims. They're using exploit kits to gain access into organizations. Exploit kits, in particular, are quite effective and difficult to address, notes Klein.
"Infiltration is something we should assume," he says, and businesses can reduce their exposure to this threat with good network segmentation, which is a key step towards better security. Poor network segmentation is leaving companies vulnerable, he adds.