Cyber Security and MafiaBoy

There have been reports of a major cyber breach on an almost weekly basis in the past 12 months. Cyber attacks are increasing in number and sophistication, with SMEs becoming an increasing target.

Why target small businesses?

Sarah Green, a cyber security expert from Training 2000, says that hackers perceive small businesses as easy targets. Hackers, according to Green, prey on the knowledge that SMEs are generally unequipped to deal with attacks; often assuming a mindset of ‘it won’t happen to us’.

SMEs are also usually specialised in their nature and tend to accrue customer data that is both revealing and in-depth, and such data is often all too enticing for the average hacker. But, this is not to say that hackers are overlooking big corporations (and their stockpiles of metadata).

Earlier this year, US President Obama called for an overhaul of ‘out-dated’ cyber security infrastructure in response to a series of damaging cyber attacks on federal networks. This call to overhaul has triggered reflection and scrutiny of the current laws.

So, when did the current security laws come into effect and what (or who) prompted them?

The answer: 15-year-old Mike Calce, in the year 2000. After hooking up with a group of elite Russian hackers in 1999, Calce (known to the media as MafiaBoy) ventured into unchartered cyber territory and launched a series of highly publicised attacks, shutting down eBay, CNN, eTrade, Amazon and Dell over the course of a week. He did this by hacking into every major college in America and combining all the compromised networks to launch a coordinated attack on the commercial websites, resulting in 1.7 billion dollars of lost revenue. Until then, no breach so large had ever been committed.

Calce says he demonstrated only what everyone else in the hacker community was already aware of: how powerful the Internet can be, and how easily (and gravely) it can be manipulated in the wrong hands.

While this attack may seem modest compared to modern DDoS standards, this cyber strike will be remembered as the cyber strike that put Internet security issues on the map, drawing international attention to the potential vulnerabilities of the Internet.

Calce, now a ‘white-hat’ hacker (that is, a computer security expert and adviser) says that it is easier to do what he did now than it was back in 2000. This word of warning, not to mention the soaring numbers of online data breaches in the last decade, should spell out the need for businesses to secure corporate data. However, the question that lingers with many workplace managers is how best to do it?

1. Protecting devices

One way to secure data is to install web-protection software that prohibits devices from accessing dangerous sites within the workplace. You can also use software to screen all external devices that request to join the corporate network, with access only granted under certain inviolable conditions.

2. Strong passwords

It seems obvious, but this step can often be overlooked. Having a weak password can leave data vulnerable to hackers. There are numerous sites you can use to help you generate a strong, protective password in moments, including: http://passwordsgenerator.net/.

3. Strong authentication

Encrypting information on a PC or mobile device protects customer data from unwelcome, prying eyes. Customers’ private information should remain on central company computers, accessible via a password with two-step authentication providing extra fortification against intruders.

4. Use SSL on your website and email

An SSL or Secure Sockets Layer encrypts the connection to your site or email. Historically, it has only been used by eCommerce sites as a legal obligation, but as SSL’s become cheaper or even free, it’s a good idea to add one to your site.