Fox Business - This year is already being called “The Year of the Hack,” due to the unprecedented number of damaging attacks against major companies like Sony, RSA Security, Google (GOOG: 624.82, -0.83, -0.13%) and even the U.S. government. It’s hard to remember a time when businesses faced as many online threats as they do today.
From hacktivist groups like Anonymous, corporate and state-sponsored cyber espionage and organized crime and rogue hackers, every business, regardless of its size, is finding itself in the cross hairs of cyber attacks.
Why is so much hacking happening now? The answer is simple: More valuable information is stored online now than ever before, and at the same time, many companies have been lax about IT security.
Most of this year’s high-profile attacks should have been prevented. It’s the job of every business owner to learn valuable lessons about why these companies were hacked and how they could have prevented it.
Here is a recap of 2011’s significant hacks with important tips for businesses:
RSA Security, hacked in March 2011:
RSA, best known for its SecurID tokens, was severely jeopardized by a clever cyber attack earlier this year. The attackers used social engineering (just another term for “con”) to trick RSA employees into opening a spoofed, or fake, email and downloading an infected Excel spreadsheet. This attack gave the hackers access to the computer network and from there, they stole SecurID tokens and used them to hack military contractors.
Key Lesson No.1: Protect Critical Data. RSA should not have had its SecurID token secrets online. What valuable information does your business store in online databases? Many executives don’t know, and classifying business data should be near the top of their chief information security officer’s (CISO) to-do list. Business owners should thoroughly examine the information they store online and store critical data offline or behind strict network segmentation.
Key Lesson No.2: Segment Your Network. The attack on RSA used employees to get inside the company. Employee training isn’t reliable, therefore it’s more important for businesses to safeguard their network by segmenting the network so if one employee’s PC is infected it can’t spread laterally through the entire system.
Sony, hacked April to June 2011
The attack on Sony made news for weeks as the company was attacked by LulzSec and the Playstation network shut down. All told, the damage to Sony from these attacks reportedly more than $170 million. More
