Why Uncovering a Network Security Breach Can Take Weeks or Months

The discreet methods of hackers make an incursion extremely hard to detect. Both large and small companies are at risk.

By Eric Basu

Opinions expressed by Entrepreneur contributors are their own.

An understandable but unfair question is being raised by many in my circles about Home Depot, the latest high-profile company embroiled in a security breach. I'm being asked: How could the company not know one way or another if an attack occurred many months ago?

The reality is that this scenario arises more often than not. There are two kinds of companies, a saying goes: those that have been hacked and know about it, and those that have been hacked and don't have any idea.

While I don't have any insight about this retail giant's cyber security operation, many companies large and small have no idea if a breach has occurred in their networks despite their valiant efforts.

Today's cyber thief is sophisticated, well financed and adept at not being caught. One way or another, virtually every business is a target.

That's because today's hackers are extremely stealthy. The bad guys will infiltrate using a default password, an unpatched server connected to the rest of the network or a zero-day attack, then immediately cover their tracks and create several more back doors. A zero-day attack exploits a previously unknown flaw. It's more dangerous because antivirus programs, firewalls and intrusion-detection systems typically won't detect it, and the affected software programs don't yet have patches for the flaw.

Picture a burglar entering a house through an unlocked window, then locking that window and disabling the locks on every other window for the next time he wants to enter. Once in, the attackers will secure the data they need, whether it's customer credit-card records, employees' personal information, intellectual property or keystroke logs that reveal the passwords to the corporate bank accounts. They will then disguise the information in other files such as JPEGs or Word, Excel or PowerPoint documents so they can send the files out without triggering any intrusion-detection systems.

I know of one instance when hackers used a company's programs against it. They infiltrated the firm's development servers and changed the code in the homegrown application it used to encrypt credit-card files. Once they had exfiltrated the files, they used the key they had implanted to decrypt all the credit-card numbers. The company never thought that its development servers would require extensive protection or patch updates.

It's not sufficient to simply have devices on a network to determine if the company's files are being sent to China, Russia or North Korea. To transport stolen data, most sophisticated hackers use botnets that can be located anywhere in the world. The stolen data is moved to unsuspicious destinations, in disguised file formats, in smaller segments, during times when normal data traffic would occur. This makes these attacks very difficult to discover.

To make matters worse, this highly sophisticated strategy is infinitely scalable and not directed solely at large conglomerates. Small businesses are actually more at risk. While their customer and financial data may not be as big of a catch as, say, that of Target or some other global big-box retail chain, there are plenty of opportunities to hit mom and pop operations.

Because there's a false sense of security on the part of small-business owners that hackers won't waste their time on their firms, these organizations may be easier targets. Automated programs do most of the attacks on small businesses. I've heard small business owners say, "We don't have anything worth stealing" and "Nobody would go after us when they can get so much more from attacking ABC Co."

Someone may prefer to steal a neighbor's $50,000 in cash rather than $5,000 in cash, but if the $5,000 is left on a front doorstep while the neighbor keeps the funds in a locked safe, who will lose their money first?

The loss to a small business can be catastrophic to its ability to survive. The Target breach, while unprecedented, didn't take down the company. But an attack on a local restaurant or ecommerce startup that compromises the credit-card data of customers could put the small enterprise out of business.

So as the Monday morning quarterbacking continues about Home Depot, I would argue that time would be better spent understanding that the issue probably facing this retail chain is far too common. It's up to all business owners to not only remain vigilant but also to develop systems and processes to counter the growing savviness of today's hackers.

Eric Basu is the CEO of Sentek Global, a provider of government and commercial cybersecurity and information technology solutions. 
