Security rule number one: consider yourself hacked

Category: Security

Assuming that the company's systems have been invaded is the first step towards adopting effective data security policies.

A recent article in Forbes magazine advised readers to assume that the companies they work for have already been hacked. Some readers have asked for my thoughts, and here is what I think: the article may even have exaggerated in tone, but in the end the proposition is quite appropriate. Most companies are actively hacked, and their sensitive data is stolen and passed on to third parties.

There are those who say that such statements are inaccurate and unfounded, and ask where the evidence behind them is. It's true. There is no data or research to support the conclusion. Surveys and interviews can only measure known security incidents; it is difficult to measure the unknown. But in the latter case, there is only circumstantial evidence.

I cannot say when. But over the last two or three years, I realized that all the companies in which I worked were hacked. And this feeling goes beyond my own personal experience. Ask any information security consultant who has contact with a good customer base and they will tell you the same thing: "Yes, every company is hacked."

But the level of invasion may differ between companies of different sizes. Every company is invaded in the sense that it probably has one or more computers on which malware, a Trojan or a zombie program is installed.

Target of interest
If the company is of a size that attracts interest, or works in an industry with extremely valuable data (e.g., one that competes with foreign firms, law firms, industries or the military), it is likely that a malicious hacker has installed several backdoor-type programs and sent large amounts of sensitive data to other locations.

In big companies I have visited, the hackers went as far as setting up programs that automatically looked for new files and folders and sent only the changed information to the remote site. These companies knew they had a bad "offsite backup" service.

Every company with which I dealt had dozens of major security vulnerabilities. The IT staff with whom I spoke admitted that the defenses of the companies in which they worked were applied unevenly and that they knew of security holes much larger than those I had found in my limited research. Rarely are these security issues anything new; most are several years old and are well known to IT managers.

There is a chance that your company has not been hacked. But in today's hyperactive cybercrime environment, this is unlikely. If you have not been hacked, you are either extremely good (with perfect management support and resources) or lucky.

What to do
So how should this affect your behavior and tactics? First, although it may seem strange, it is probably not a bad idea to warn senior management of the IT risk, if you have not already done so. If they react badly, show them this text (or the Forbes article) and make a list of the major security issues that have remained open for years in the company.

Second, the best way to prevent invasion is to lock down the workstations and servers and allow only pre-approved software to run on them. Most IT departments have no idea what runs on all the computers under their control. Use a software inventory or application control program to find out what is in use, review each active program, approve the necessary ones and prevent the rest from running. If you cannot take this step, the battle will probably be lost, but there are other actions you can take, though they are less effective.
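The review step can be turned into a work queue. The sketch below is an added example, not part of the original article: the allowlist, inventory records, host names and shortened hashes are all constructed, and the ordering rule (approved name with an unapproved hash first, then the rarest binaries) is one reasonable choice rather than a method the article prescribes.

```python
from collections import defaultdict
from ntpath import basename  # inventory paths are Windows-style

# Constructed allowlist: hash -> file name approved under that hash.
# Hashes are shortened placeholders, not real file hashes.
APPROVED = {"aa11": "winword.exe", "bb22": "sqlservr.exe"}

# Constructed inventory export: (host, executable path, hash).
INVENTORY = [
    ("ws-01", r"C:\Program Files\Office\winword.exe", "aa11"),
    ("ws-02", r"C:\Program Files\Office\winword.exe", "aa11"),
    ("db-01", r"C:\MSSQL\Binn\sqlservr.exe", "bb22"),
    ("db-01", r"C:\MSSQL\Binn\sqlagent.exe", "cc33"),
    ("db-02", r"C:\MSSQL\Binn\sqlagent.exe", "cc33"),
    ("ws-02", r"C:\Users\Public\winword.exe", "dd44"),
]

def review_queue(inventory, approved):
    """Return unapproved executables, most suspicious first."""
    approved_names = set(approved.values())
    unknown = defaultdict(lambda: {"hosts": set(), "names": set()})
    for host, path, digest in inventory:
        if digest not in approved:
            unknown[digest]["hosts"].add(host)
            unknown[digest]["names"].add(basename(path).lower())
    queue = []
    for digest, info in unknown.items():
        # An approved file name carrying an unapproved hash is either an
        # unreviewed update or a program borrowing a trusted name.
        reused_name = bool(info["names"] & approved_names)
        queue.append((digest, sorted(info["hosts"]), reused_name))
    # Name reuse first, then binaries seen on the fewest hosts.
    queue.sort(key=lambda q: (not q[2], len(q[1]), q[0]))
    return queue

if __name__ == "__main__":
    for digest, hosts, reused in review_queue(INVENTORY, APPROVED):
        print(digest, hosts, "approved name, unapproved hash" if reused else "")
```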

One of the main techniques is to actively monitor network traffic and look for large amounts of data being transferred to unknown destinations, or between computers that should not be communicating with each other. It is quite common for hackers to copy data internally to a centralized computer before compressing it and sending it to an external location. There are many tools and products that prevent and detect data leakage, which can help you with these measurement and alerting tasks.
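Both patterns in this paragraph can be checked against flow summaries. The following is an added example, not part of the original article: the address ranges, the approved destination, the thresholds and the flow records are constructed assumptions, and real values would come from your own NetFlow or firewall data and traffic baseline.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: internal range, approved external
# destinations and thresholds are all constructed values.
INTERNAL = ip_network("10.0.0.0/8")
KNOWN_EXTERNAL = {ip_address("203.0.113.10")}  # e.g. the real backup provider
OUT_LIMIT = 500_000_000      # bytes per source to unapproved external hosts
STAGING_PEERS = 3            # distinct internal senders feeding one host
STAGING_BYTES = 200_000_000  # bytes gathered on that host

# Constructed daily flow summary: (source, destination, bytes).
FLOWS = [
    ("10.1.1.21", "10.1.9.50", 90_000_000),
    ("10.1.2.34", "10.1.9.50", 120_000_000),
    ("10.1.3.8", "10.1.9.50", 75_000_000),
    ("10.1.9.50", "198.51.100.77", 640_000_000),
    ("10.1.4.4", "203.0.113.10", 900_000_000),  # approved backup traffic
    ("10.1.1.21", "10.1.2.34", 4_000_000),
]

def analyse(flows):
    outbound = defaultdict(int)               # src -> bytes to unknown external
    staged = defaultdict(lambda: [set(), 0])  # dst -> [internal senders, bytes]
    for src, dst, size in flows:
        s, d = ip_address(src), ip_address(dst)
        if s in INTERNAL and d not in INTERNAL and d not in KNOWN_EXTERNAL:
            outbound[src] += size
        elif s in INTERNAL and d in INTERNAL:
            staged[dst][0].add(src)
            staged[dst][1] += size
    exfil = {h for h, b in outbound.items() if b >= OUT_LIMIT}
    staging = {h for h, (peers, b) in staged.items()
               if len(peers) >= STAGING_PEERS and b >= STAGING_BYTES}
    return {
        "large_unknown_outbound": sorted(exfil),
        "internal_staging": sorted(staging),
        # A host that collects internally and then sends out is the
        # pattern the paragraph above describes; review it first.
        "staged_then_sent": sorted(exfil & staging),
    }

if __name__ == "__main__":
    for rule, hosts in analyse(FLOWS).items():
        print(rule, hosts)
```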

As always, I am a big fan of "honeypot" computers, which sit in a corner, doing nothing, waiting to alert you when someone inadvertently tries to log on. Hackers can be good, but I have yet to find one who, before using their hacking techniques, does not try at least one logon.

False bait
Some companies plant data sets in their networks just to attract attention, so that these can later help identify data that may have leaked out of the company. Sometimes it is as simple as creating some false e-mail addresses that will never be used. Other schemes go as far as creating completely fictitious data records, projects and businesses.

One of the companies for which I worked was in the fish business. Its internal databases contained a nonexistent, yet completely documented, client. The fictitious company was given an unused phone number (registered in the name of the parent company) and an address that belonged to one of its subsidiaries. But none of this information existed outside my customer's internal IT.

One day, the company began receiving fake e-mails and phone calls from a rival fish company. The case was investigated and, in the process, they discovered a sophisticated and unique Trojan program that had been installed on its main database server. The program had been there for so long that IT staff had already included it in the "golden image", the copy used internally for the creation of database servers. Now they have solid change control and a list of all programs running on each server and workstation.
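Because the decoy client's details exist nowhere outside the internal database, any contact that uses them is a leak signal. The sketch below is an added example, not part of the original article: the decoy record, its e-mail address, phone number, name and the contact log are all constructed placeholders.

```python
import re

# Constructed decoy record in the style of the fictitious client above.
HONEYTOKENS = {
    "client-7731": {
        "email": "purchasing@decoy-client.example",
        "phone": "+1 555 0100",
        "name": "Northwind Cold Storage",
    },
}

def _digits(text):
    """Strip everything but digits so phone formats compare equal."""
    return re.sub(r"\D", "", text)

def build_index(tokens):
    """Map each normalised decoy value to (token id, field)."""
    index = {}
    for token_id, fields in tokens.items():
        index[fields["email"].lower()] = (token_id, "email")
        index[_digits(fields["phone"])] = (token_id, "phone")
        index[fields["name"].lower()] = (token_id, "name")
    return index

def find_hits(events, index):
    """Return (event id, token id, field) for each contact touching a decoy."""
    hits = []
    for ev in events:
        text = ev["text"].lower()
        digits = _digits(ev["text"])
        for value, (token_id, field) in index.items():
            # Phone numbers are compared on digits only; a production
            # matcher would parse numbers individually to avoid joining
            # unrelated digit runs.
            haystack = digits if field == "phone" else text
            if value in haystack:
                hits.append((ev["id"], token_id, field))
    return hits

# Constructed inbound contact log from a mail gateway and phone system.
EVENTS = [
    {"id": "mail-1", "text": "To: sales@real-customer.example Subject: invoice"},
    {"id": "mail-2", "text": "To: Purchasing@Decoy-Client.example Subject: better prices"},
    {"id": "call-1", "text": "inbound call to +1 (555) 0100 from withheld"},
]

if __name__ == "__main__":
    for hit in find_hits(EVENTS, build_index(HONEYTOKENS)):
        print("decoy contacted:", hit)
```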

Even if you have not actually been hacked, you should act as if you had, and thus decide what to do differently to combat hackers. In the end, it is what we all end up doing one day.
