The importance of Cyber Security for today’s businesses, with practical examples

Pavel Prodaniuc
Published in Cyber Dacians
Aug 25, 2019

With the rapid development of the internet, the whole ecosystem has changed radically: the way we do business, communicate and purchase goods. In other words, our lives have changed in a way that was unimaginable thirty years ago. Day-to-day tasks have become super-fast and easy to do with the help of technology (e.g. getting in touch with anybody worldwide in a matter of seconds by email). In such an accelerated world, technology offers a third hand for our daily jobs. Furthermore, things are going to accelerate even more in the next few years, so technology seems to be a very useful thing: businesses are more efficient on the internet, with increased revenue, and customers are very happy with the promptly offered services.

But could things go wrong? Yes! So badly that a company can be knocked out of its business segment. That’s horrible, isn’t it?! But how could these bad things be avoided? The neat answer is: Cyber Security. This is the domain that helps businesses, and home users as well, to stay safe in a century full of digital threats.

Because practical examples are easier to understand, let’s use one in this article. It will be easier for you to grasp the information and truly understand why cybersecurity is important nowadays, especially for you. Please imagine you have a company that sells computers, from the least expensive ones for the personal segment to the enterprise level, with servers for the most sophisticated data centers. This company has a very diversified catalog of products and is well recognized on the market. Now imagine that your business has a website for presenting these goods to the world. This website has a database behind it for storing the data. The database contains employee data and other strictly confidential information as well. So far, it looks like a very simple application that every business has today, so I am asking the above question one more time: what could go so wrong within this context? Why would a company need professional cybersecurity services offered by specialists?

I hope I got your attention, because today is all about the internet. Today is about your business! I am now going to walk you through three simple but very widespread attacks, which could totally destroy your market capital.

The first one, and the worst one too, is Database Injection. The most commonly used databases nowadays are the relational ones, so the Structured Query Language (SQL) will be the language spoken between your application and your database. This language can be abused and exploited by a bad guy (I am going to call him a hacker from now on), which is why the attack is called, more specifically, SQL Injection. This is the vulnerability you have to fear most, because it can make your top-secret data available on the internet. In a nutshell, the attack works this way: specially crafted payloads (payloads are basically pieces of code) are injected into the SQL queries made to your database through unsanitized inputs on the website. Sounds pretty simple, doesn’t it? So, a hacker who enters a carefully crafted payload into your website will get not only the information about computers from the database, but also the data related to the company’s employees or any other piece of data he requests. Now the hacker owns confidential data, which essentially compromises your operation. The computer is not able to determine whether or not it should execute the given request. This is literally horrible for any business, and for yours too. Your company image will be strongly affected by the diminished level of trust. Who is going to buy computers from you again? And if your business operates inside the European Union, the latest legislation in force, known as GDPR, will hit you with a huge fine for the leak of your employees’ data. The big idea is that database injections are the most common way a hacker can take you down, and they have to be avoided as much as possible. They can create the worst data leaks and affect you the most. It doesn’t matter how the data is stored (relational or non-relational databases) because, as long as the application doesn’t filter the data the user enters on your website, your business is one step away from disaster.
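The scenario above as a small runnable sketch, added here as an illustration and not taken from the original article: a catalog search built by string concatenation next to the same search with a parameterized query, which is one common way to keep user input out of the SQL text. The table names, function names and sample rows are constructed for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data for the article's scenario: a public catalog
    # and a confidential table living in the same database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE computers (name TEXT, segment TEXT);
        CREATE TABLE employees (full_name TEXT, salary TEXT);
        INSERT INTO computers VALUES ('Home Mini', 'personal');
        INSERT INTO computers VALUES ('Rack X9', 'enterprise');
        INSERT INTO employees VALUES ('Constructed Employee', '5000');
    """)
    return db

def search_vulnerable(db, segment):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    query = "SELECT name, segment FROM computers WHERE segment = '" + segment + "'"
    return db.execute(query).fetchall()

def search_safe(db, segment):
    # The "?" placeholder keeps the statement fixed; the input travels
    # separately and is only ever compared as a value.
    query = "SELECT name, segment FROM computers WHERE segment = ?"
    return db.execute(query, (segment,)).fetchall()

# Constructed input that closes the quoted string and appends a second query.
CRAFTED = "x' UNION SELECT full_name, salary FROM employees --"

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "personal"))  # normal use: catalog rows
    print(search_vulnerable(db, CRAFTED))     # employee rows come back
    print(search_safe(db, CRAFTED))           # no rows: input treated as data
```

With the concatenated query the crafted input returns the employee row instead of computers; with the placeholder it matches no segment and returns nothing.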

I am moving on to another critical vulnerability, which is called Cross-Site Scripting (technically, XSS). XSS is a vulnerability that also comes from unfiltered inputs, but this time the hacker abuses the interface your user is using (in 99% of cases, the interface is the browser you use for daily tasks such as reading emails, watching YouTube videos, etc.). He injects payloads which are stored in the database or directly reflected on the website’s pages. These payloads are carefully crafted using HTML, CSS and JavaScript code. With the right combination of these, a hacker can steal any user’s account (you have to know that someone can get your administration account too, without even knowing the password; that’s one reason why this attack is so powerful and dangerous), make orders in your name or transfer money from your bank account to his account (this is known as a CSRF attack, which is possible due to XSS). In simple words, your business has crashed again. No one will ever order computers on your website again, and your listing on the stock exchanges is rocketing straight to the ground. Really bad, isn’t it? In summary, XSS attacks the client-side part (the browser) of an application (website), while SQL Injection attacks the server-side part (the part you don’t see in your browser). XSS can do as much damage as SQL Injection, so it must be addressed as soon as possible. It can be avoided with a professional audit of your platform.
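Both cases described above (a payload stored in the database and a payload reflected on the page) as a runnable sketch, added here as an illustration and not taken from the original article. It renders the same page with and without output escaping, then parses the result to list any markup a browser would execute. The page layout, function names and inputs are constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

class ActiveMarkupFinder(HTMLParser):
    """Collects <script> tags and on* handler attributes found in a page."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.append("<script>")
        self.found += [name for name, _ in attrs if name.startswith("on")]

def active_markup(page):
    finder = ActiveMarkupFinder()
    finder.feed(page)
    finder.close()
    return finder.found

def render_vulnerable(search_term, reviews):
    # User-controlled text is concatenated into the page as if it were markup.
    items = "".join("<li>" + r + "</li>" for r in reviews)
    return '<input name="q" value="' + search_term + '"><ul>' + items + "</ul>"

def render_safe(search_term, reviews):
    # escape() turns <, >, & and quotes into entities, so the browser shows
    # the text instead of interpreting it (quote=True covers attribute values).
    items = "".join("<li>" + escape(r) + "</li>" for r in reviews)
    return ('<input name="q" value="' + escape(search_term, quote=True)
            + '"><ul>' + items + "</ul>")

# Constructed inputs: one review stored in the database, one reflected term.
STORED_REVIEW = "Great laptop <script>alert(1)</script>"
REFLECTED_TERM = '" onfocus="alert(1)'

if __name__ == "__main__":
    print(active_markup(render_vulnerable(REFLECTED_TERM, [STORED_REVIEW])))
    print(active_markup(render_safe(REFLECTED_TERM, [STORED_REVIEW])))
```

The same `active_markup` check can be run in a test suite over rendered pages to catch a template that forgets to escape a field.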

The last attack I quickly want to present to you is known as Denial of Service (DoS). Distributed DoS (known as DDoS) is a more powerful iteration of DoS that uses multiple launch points for the attack. The very simple idea behind this digital threat is that a hacker targets your network with the aim of taking it offline, preventing customers from accessing the website and buying computers. The hacker carries out this attack by flooding your network with fake traffic/data in such huge quantities that your equipment will eventually freeze or totally crash. In simple words, this attack exhausts all the available resources of the routers, firewalls, servers, etc. If one of these devices goes offline, the attack is a success, because your website has been taken down.

Therefore, Cyber Security is a critical requirement for your business. Don’t hesitate to search your running infrastructure for at least the vulnerabilities presented above in order to evaluate the real state of your services. I really recommend that you buy a professional audit from a respectable company, because it will eventually pay off. Don’t look at how expensive it might get, because the wolves are prowling around you. Hackers don’t mind if you’re a start-up or a billion-dollar company. Hackers don’t care about your image as a businessman. They will attack and pull you down. Cyber Security is more important today than ever. Take action! CyberDacians is here to help you secure your market capital! Get in touch with us! You can find us at: www.cyberdacians.com
