7 reasons why organisations get hacked. #CyberSecurity #Hackers #InfoSec

As a security consultant and solutions architect helping clients in the EMEA region design and implement security solutions to protect critical network infrastructures I often ask myself why companies get hacked. A trivial question it may seem but deeply rooted in the fact that we as humans are often the weakest link in complex cyber security systems and do make mistakes.

If you are a cyber security professional or security enthusiast this article is for you. I cover 7 reasons why companies get hacked based on my experience working with clients in several sectors including banking, healthcare, insurance, oil & gas, etc.

The question is not if your company will get hacked but when. Planning and on-going preparation is the ultimate protection against cyber attacks.

1. Humans are the weakest link

Humans are programmed to make mistakes. That’s how we learn. That’s how we have evolved biologically. Look at SpaceX, they made lots of mistakes and eventually mastered advanced rockets and spacecraft technologies. Even with a team of experts they still manage to crash lots of rockets before docking successfully to the ISS.

The same applies to cyber security. Mistakes will be made, not if, but when. When that happens an attack window opens. A hacker may strike within that gap. Even in the most tightly controlled networks humans make mistakes. This is inevitable so the best defence is to implement robust security measures, but also plan and prepare for fast re-mediation.

2. Cyber security technology is very strong but expertise is weak

With all the stories we hear in the news about several small and large firms being hacked a naive question may be asked as to why organisations can’t just buy the most secure and advanced solution and be done with security. Things are not so simple.

For one, security systems are designed, implemented, and managed by humans. As long as that remains the case a flaw may always appear in the chain. Moreover, cyber security technology is extremely strong and we are not short of amazing technologies.

One only has to look at firms like F5 Networks, Clearswift, Darktrace, Forcepoint, and FireEye— just to name a few. All are providing advanced cyber security solutions that deliver robust defences in many unique ways. Yet the expertise to configure these sophisticated security products for their most optimum performance remain scarce and very niche. Hackers know about this expertise gap and are exploiting it to their advantage.

3. Hackers have the edge

Hackers do what they do for fun, for money, for government and industrial espionage, for political reasons, etc. They only have to find ONE flaw in a system whereby security administrators must patch and protect against for ALL flaws — whether technological or sociological. That is not an even fight!

With enough patience and will even the most secure system will be compromised by dedicated hackers with the expertise and patience.

What really matters is how fast a company can react to security flaws, patch holes, learn, respond, train, and continue to strengthen security measures and on-going processes against cyber attacks.

4. Cybercrime pays more

Cyber criminals are moving to the digital ‘battlefield’. It makes sense since cybercrime appears to be transparent, less risky, and the chance of being caught seems remote.

One can look at the recent cyber attacks at several banks that exploited the Swift banking system with several millions of dollars at risk in what appears to be the greatest cyber theft attempt ever. Online crime is seamless, it’s cyber, and it’s often untraceable. No wander why this is becoming more and more a safer alternative for traditional criminals.

5. Humans do fall sleep in the cyber battlefield

Security administrators can fall asleep in the ‘cyber battlefield’. When that happens hackers may strike. Unless processes are put in place to constantly review security systems, improve products, learn from failures, and keep administrators and staff trained, the cyber security defences in any organisation will remain weak against Advanced Persistent Threats (APT).

6. Technology as a whole moves very fast. The pace is relentless

With technology moving at lighting speed it is not surprising that humans can’t keep up with cyber attacks. Perhaps we should let the ‘machines’ with AI take over cyber security administration and let them enforce security and take humans out of the equation.

A bit extreme of course, but not unrealistic. For one, machines can follow rules flawlessly and keep up with the pace of cyber attacks as well as adapt much quickly than humans can. They won’t fall asleep in the cyber battlefield and may prove to be less sloppy than humans at maintaining security standards and processes. But that is still a long way before ‘Skynet’ can automatically defend organisations against hackers without any humans intervention.

Leading UK companies like Darktrace are leading the pack in the field of machine learning and AI applied to cyber security.

7. In cyberspace you only know what you know

The challenge of cyber is the ghost like transactions that happen faster than humans can cope with. What is really happening in your network may be a mystery.

But with security analytics know what you should know is good. Know what you don’t know is better.

About The Author

Marco Essomba is a network & security expert with more than a decade of experience in the field. Marco is CTO & CEO at AMPS Global, a World Class Consulting firm that enables organisations in banking, healthcare, retail, finance, insurance, and technology to design, implement, and support their digital infrastructure for the most secure and optimised delivery of Enterprise Apps. AMPS Global core expertise is cyber security focusing uniquely on leading products such as Clearswift and F5 Networks (BIG-IP LTM, GTM, APM, ASM, AFM, VIPRION, iRule, iApps, iControl, APIs, DevOps, and Scripting). Projects and case studies available here.

Information on contacting Marco:

Twitter: @marcoessomba

Email: Marco.essomba@amps-global.com

LinkedIn Company Site: https://www.linkedin.com/company/amps-case-studies?trk=biz-brand-tree-co-name

Website: http://www.amps-global.com

Our projects & case studies: www.amps-global.com/case-studies/

Blog (Medium): https://medium.com/@marcoessomba

LinkedIn: https://uk.linkedin.com/in/marcoessomba

Other Publications by Marco: https://www.linkedin.com/today/post/author/posts#published?trk=mp-reader-h