Why Uncovering a Network Security Breach Can Take Weeks or Months
There’s been an understandable but unfair question raised by many in my circles regarding Home Depot as it became the latest high-profile company embroiled in a security breach. I’m being asked: how could the company not know, one way or another, whether an attack occurred many months ago?
The reality is that this scenario arises more often than not. There are two kinds of companies, as the saying goes: those that have been hacked and know it, and those that have been hacked and have no idea.
While I don’t have any insight about this retail giant’s cyber security operation, many companies large and small have no idea if a breach has occurred in their networks despite their valiant efforts.
Today’s cyber thief is sophisticated, well financed and adept at not being caught. One way or another, virtually every business is a target.
That’s because today’s hackers are extremely stealthy. The bad guys will get in using a default password, an unpatched server that sits on the same network as everything else, or a zero-day attack, then immediately cover their tracks and plant several more back doors. A zero-day attack exploits a vulnerability that the software’s vendor does not yet know about. It is more dangerous because no patch exists for the flaw, and antivirus programs, firewalls and intrusion-detection systems that rely on known signatures have nothing to match against.
Picture a burglar entering a house through an unlocked window, then locking that window and disabling the locks on every other window for the next time he wants to enter. Once in, the attackers collect the data they came for, whether it’s customer credit-card records, employees’ personal information, intellectual property or keystroke logs that reveal the passwords to the corporate bank accounts. They then disguise that information inside files that look routine, such as JPEG images or Word, Excel or PowerPoint documents, so that it can be sent out without tripping the content patterns an intrusion-detection system looks for.
I know of one instance when hackers used a company’s programs against it by infiltrating the firm’s development servers and changing the code in its homegrown application used to encrypt credit-card files, so that they could use the key they had implanted to decrypt all the credit-card numbers once they exfiltrated them. The company never thought that its development servers would require extensive protection or patch updates.
It’s not sufficient to simply have devices on the network that alert when the company’s files are being sent to China, Russia or North Korea. To transport stolen data, most sophisticated hackers relay it through compromised machines in a botnet, and those machines can be located anywhere in the world, including in the same country as the victim. The stolen data is moved to unsuspicious-looking destinations, in disguised file formats, in small segments, during the hours when normal traffic would occur, so that no single transfer looks out of place. This makes these attacks very difficult to discover.
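The two exfiltration tricks described above (data dressed up as an image or Office file, and a large theft broken into small pieces sent during the working day) each leave a trace a defender can look for. The following is an added example, not code from the original column or from any company it mentions: it runs two checks over a constructed set of outbound-transfer records of the kind a web proxy or DLP sensor might log. The first compares each file’s leading bytes with the format its name claims; the second adds up the small transfers per source, destination and day. The log format, host names and domains are hypothetical.

```python
"""Two detection checks for the disguised, low-and-slow exfiltration pattern
described in the column. Added example; the record format, hosts and domains
below are constructed for illustration."""
from collections import defaultdict

# Leading bytes of the "innocent" container formats the column names. Constructed
# table for this example; extend it for whatever types your proxy actually sees.
MAGIC = {
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],   # legacy OLE2 Office files
    "xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    "ppt": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    "docx": [b"PK\x03\x04"],                        # OOXML files are zip containers
    "xlsx": [b"PK\x03\x04"],
    "pptx": [b"PK\x03\x04"],
}


def content_matches_extension(filename, head):
    """True when the first bytes agree with the extension (or the extension is unknown)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    signatures = MAGIC.get(ext)
    if signatures is None:
        return True  # nothing to compare against; not evidence either way
    return any(head.startswith(sig) for sig in signatures)


# Constructed outbound-transfer records: (timestamp, source host, destination,
# file name, size in bytes, first bytes of the payload). Hypothetical hosts/domains.
TRANSFERS = [
    # a real 2.1 MB banner image going to a partner CDN: legitimate
    ("2014-09-08T09:12:04", "mkt-ws03", "cdn.partner.example", "banner.jpg",
     2_100_000, b"\xff\xd8\xff\xe0"),
    # a "Word document" whose payload is actually comma-separated card numbers
    ("2014-09-08T10:41:19", "hr-fs01", "files.example", "q3_review.docx",
     310_000, b"4111111111111111,"),
] + [
    # twelve ~480 KB "photos" spread across the working day, each with a genuine
    # JPEG header prepended so the magic-byte check alone will not catch them
    (f"2014-09-08T{9 + i // 2:02d}:{(i % 2) * 30:02d}:00", "pos-12",
     "photos-share.example", f"part{i:02d}.jpg", 480_000, b"\xff\xd8\xff\xe0")
    for i in range(12)
]


def find_disguised_files(transfers):
    """Files whose bytes do not match the format their name claims."""
    return sorted(
        (src, dst, name)
        for _, src, dst, name, _, head in transfers
        if not content_matches_extension(name, head)
    )


def find_low_and_slow(transfers, per_file_max=1_000_000,
                      daily_total_min=5_000_000, min_segments=4):
    """Per (source, destination, day): many small transfers that add up to a lot.

    Only files at or below per_file_max are counted, because the attacker's whole
    point is that each individual piece is small enough to look boring.
    """
    buckets = defaultdict(lambda: [0, 0])  # (src, dst, day) -> [count, total bytes]
    for ts, src, dst, _, size, _ in transfers:
        if size <= per_file_max:
            day = ts.split("T")[0]
            buckets[(src, dst, day)][0] += 1
            buckets[(src, dst, day)][1] += size
    return sorted(
        (src, dst, day, count, total)
        for (src, dst, day), (count, total) in buckets.items()
        if count >= min_segments and total >= daily_total_min
    )


if __name__ == "__main__":
    for hit in find_disguised_files(TRANSFERS):
        print("content/extension mismatch:", hit)
    for hit in find_low_and_slow(TRANSFERS):
        print("low-and-slow volume:", hit)
```

Note that the magic-byte check only catches a crude disguise: the point-of-sale host above passes it because the attacker prepended a real JPEG header, and it is the daily aggregate per source and destination that exposes that traffic. Neither check inspects where the destination is geographically, which is the column’s point: the relay can be anywhere. Thresholds are illustrative and would need tuning to a real network’s baseline.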
To make matters worse, this strategy scales: the tooling is automated, so it is not directed solely at large conglomerates. Small businesses are actually more at risk. While their customer and financial data may not be as big a catch as, say, that of Target or some other global big-box retail chain, there are plenty of opportunities to hit mom-and-pop operations.
Because small-business owners have a false sense of security that hackers won’t waste their time on their firms, these organizations may be easier targets. Automated programs carry out most of the attacks on small businesses, and a scanner does not care how big its victim is. I’ve heard small business owners say, “We don’t have anything worth stealing” and “Nobody would go after us when they can get so much more from attacking ABC Co.”
A thief might well prefer a neighbor’s $50,000 in cash to your $5,000, but if your $5,000 sits on the front doorstep while the neighbor keeps the $50,000 in a locked safe, who loses their money first?
The loss to a small business can be catastrophic to its ability to survive. The Target breach, while unprecedented, didn’t take down the company. But an attack on a local restaurant or ecommerce startup that compromises the credit-card data of customers could put the small enterprise out of business.
So as the Monday morning quarterbacking continues about Home Depot, I would argue that time would be better spent understanding that the issue probably facing this retail chain is far too common. It's up to all business owners to not only remain vigilant but also to develop systems and processes to counter the growing savviness of today’s hackers.