Hackers Target Specifically Based on This One Thing

How Hackers Choose Their Targets

According to Security Boulevard, the #1 security vulnerability identified by IT managers is unpatched systems.

Hackers target vulnerable systems.  There it is.  That is the big secret, which likely isn’t as shocking as one anticipated.  Why do hackers target vulnerable systems?  This too is rather simple.  They don’t want to have to “work” at hacking the system; they want users to leave the door open for them.  And oftentimes users do.

Leaving third-party applications and operating systems outdated leaves endpoints and servers, as well as all the data on them, vulnerable to attack.

It is imperative for users to update all devices in a timely manner.  Oftentimes this will take longer for larger businesses, as proper testing should be completed to ensure the update will not negatively impact the functionality of existing software or devices.  That being said, the testing process should take place once updates are available, so updates can be installed as quickly as possible.  It should also be noted that major software companies, such as Microsoft, have recurring update release dates.  Therefore, IT professionals can schedule testing around the predetermined update dates.

Automate Updates?

Users at a smaller scale, either home users or perhaps a smaller business, may automate application and operating system updates to take the legwork out of manually launching the update.  This feature is great for those who want to set it and forget it.  However, users must remember to reboot their PCs every day.  When updates are installed, they often are not finalized until the device is rebooted.  Therefore, users may think they’re protected with the latest updates, but in reality, the updates haven’t finished installing because no reboot has been initiated.

Rebooting is equally important for those who update manually.  If it isn’t getting done, the update is NOT complete.
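
The check below is an added example, not part of the original article: a read-only PowerShell function (the name Get-PendingRebootStatus is hypothetical) that reads the standard Windows registry markers for an update that is installed but waiting on a restart, and reports when the machine last booted.

```powershell
# Added example: report whether this Windows PC still needs a reboot
# to finish installing updates. Read-only; it changes nothing.
function Get-PendingRebootStatus {
    $reasons = @()

    # The servicing stack (CBS) creates this key when component updates await a restart.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') {
        $reasons += 'Component Based Servicing'
    }

    # Windows Update creates this key after installing updates that need a restart.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') {
        $reasons += 'Windows Update'
    }

    # Files queued for replacement at next boot. Third-party installers use this too,
    # so treat it as a weaker signal than the two keys above.
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) {
        $reasons += 'Pending file rename operations'
    }

    # Last boot time shows how long the machine has gone without a restart.
    $lastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RebootPending = ($reasons.Count -gt 0)
        Reasons       = $reasons -join '; '
        LastBoot      = $lastBoot
        DaysSinceBoot = [math]::Round(((Get-Date) - $lastBoot).TotalDays, 1)
    }
}

Get-PendingRebootStatus | Format-List
```

A result of RebootPending = True means the latest updates are not yet in effect on that machine, whatever the update history shows.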

Other Forms of Vulnerability

Although unpatched systems were the primary security threat identified by IT managers, other vulnerabilities should be addressed as well.  Additional factors to evaluate include multi-factor authentication, IoT devices, BYOD policies, and password strength.

Multi-Factor Authentication and Password Strength

First and foremost, no one should be able to access your network with one basic password.  Employers should be employing a multi-layer authentication feature to access their networks.  As a component of that, proper password regulations should be in place.  This includes requiring passwords to be changed every 30-45 days, including specific characters and numbers, and offering a password vault for employees to track their passwords to prevent them from being written down or kept in a Word or Excel document.

IoT and BYOD

The Internet of Things (IoT) has taken over the world.  We’re more connected now than ever, whether it is our smartwatches notifying us of texts or calls, or checking emails through our phones.  We often bring these devices with us to work and connect them to company networks.  This creates a major problem.  If these devices are infected with malware of any kind (viruses, ransomware, spyware, etc.), this malware can now spread throughout the company networks.  Also, the likelihood of these IoT devices having any form of security solution installed is minimal at best.  They often do not come with any form of antivirus installed, and some devices are not compatible with security solutions at all.

Therefore, having a solidified Bring Your Own Device (BYOD) policy is important.  Employees should know what is allowed and expected, and what is not.  The policy should include three major things.  First, it should state which devices are permitted to connect to the company’s networks.  Second, the company needs to mandate that a security solution be installed on all devices permitted to connect to company networks.  Lastly, it must include disciplinary measures if the policy is not adhered to.

 


11 thoughts on “Hackers Target Specifically Based on This One Thing”

  1. PCMATIC
    Thanks for the very useful information. I will be certain to do the things you suggest, i.e., rebooting directly after any update (I am retired and can do this) to help stop people from hacking my PC.
    I will send your information to my son who works in a business where data could be compromised.
    Thanks again
    God bless
    Wayne

  2. We have been using LastPass for about two years and highly recommend it. If they are ever hacked my 112 passwords will really cause me a problem! The government needs to address this problem.

  3. I’ve used RoboForm and LastPass, the latter of which I’m using now. Both are excellent, but I gave RoboForm the flick because every time I went to renew my subscription I could never find out where to subscribe, it took me through a path of “sales opportunities” I wasn’t interested in to the point of frustration.

    LastPass has two-factor identification using Yubikey and is also available on iPhone and possibly Android devices. It’s also very inexpensive. I’m very happy with it.

    • We do not have a recommendation for a password generator. Many users just make up their own, but store them in a password vault so they are not left written down or saved in insecure programs on the device. One password generator we’ve heard great things about and had success with at a personal level was LastPass.
