Why Uncovering a Network Security Breach Can Take Weeks or Months The discreet methods of hackers make an incursion extremely hard to detect. Both large and small companies are at risk.

By Eric Basu

Opinions expressed by Entrepreneur contributors are their own.

There's been an understandable but unfair question being raised by many in my circles regarding Home Depot as it became the latest high-profile company embroiled in a security breach. I'm being asked, How could the company not know one way or another if an attack occurred many months ago?

The reality is that this scenario arises more often than not. There are two kinds of companies, a saying goes: The first kind is the ones that have been hacked and know about it and the other type are those that have been hacked and don't have any idea.

While I don't have any insight about this retail giant's cyber security operation, many companies large and small have no idea if a breach has occurred in their networks despite their valiant efforts.

Today's cyber thief is sophisticated, well financed and adept at not being caught. One way or another, virtually every business is a target.

That's because today's hackers are extremely stealthy. The bad guys will infiltrate using a default password, an unpatched server connected to the rest of the network or a zero-day attack, then immediately cover their tracks and create several more back doors. A zero day attack is a previously unknown exploit. It's more dangerous because antivirus programs, firewalls and intrusion detection systems typically won't detect it and affected software programs don't have patches for the flaw.

Related: Best Practices for Employees to Protect the Company From Hackers

Picture a burglar entering a house through an unlocked window, then locking that window and disabling the locks on every other window for the next time he wants to enter. Once in, the attackers will secure the data they need, whether it's customer credit-card records, employees' personal information, intellectual property or keystroke logs that reveal the passwords to the corporate bank accounts. They will then disguise the information in other files such as jpegs, Word, Exel or PowerPoint documents in order to be able to send the files out without triggering any intrusion-detection systems.

I know of one instance when hackers used a company's programs against it by infiltrating the firm's development servers and changing the code in its homegrown application used to encrypt credit-card files so as to then use the key they implanted to decrypt all the credit-card numbers once they exfiltrated them. The company never thought that its development servers would require extensive protection or patch updates.

It's not sufficient to simply have devices on a network to determine if the company's files are being sent to China, Russia or North Korea. To transport stolen data, most sophisticated hackers use botnets that can be located anywhere in the world. The stolen data is moved to unsuspicious destinations, in disguised file formats, in smaller segments, during times when normal data traffic would occur. This makes these attacks very difficult to discover.

Related: Data in Motion is Data at Greatest Risk

To make matters worse, this highly sophisticated strategy is infinitely scalable and not directed solely at large conglomerates. Small businesses are actually more at risk. While their customer and financial data may not be as big of a catch as, say, that of Target or some other global big-box retail chain, there are plenty of opportunities to hit mom and pop operations.

Because there's a false sense of security on the part of small-business owners that hackers won't waste their time on their firms, these organizations may be easier targets. Automated programs do most of the attacks on small businesses. I've heard small business owners say, "We don't have anything worth stealing" and "Nobody would go after us when they can get so much more from attacking ABC Co."

Even though someone may prefer to get a neighbor's $50,000 in cash versus $5,000 in cash, if it's left on a front doorstep while the neighbor keeps funds in a locked safe, who will lose their money first?

The loss to a small business can be catastrophic to its ability to survive. The Target breach, while unprecedented, didn't take down the company. But an attack on a local restaurant or ecommerce startup that compromises the credit-card data of customers could put the small enterprise out of business.

So as the Monday morning quarterbacking continues about Home Depot, I would argue that time would be better spent understanding that the issue probably facing this retail chain is far too common. It's up to all business owners to not only remain vigilant but also to develop systems and processes to counter the growing savviness of today's hackers.

Related: 8 of the Biggest Data Breaches Ever and How They Happened (Infographic)

Wavy Line
Eric Basu

CEO of Sentek Global

Eric Basu is the CEO of Sentek Global, a provider of government and commercial cybersecurity and information technology solutions. 

Editor's Pick

A Father Decided to Change When He Was in Prison on His Son's Birthday. Now His Nonprofit Helps Formerly Incarcerated Applicants Land 6-Figure Jobs.
Lock
A Teen Turned His Roblox Side Hustle Into a Multimillion-Dollar Company — Now He's Working With Karlie Kloss and Elton John
Lock
3 Mundane Tasks You Should Automate to Save Your Brain for the Big Stuff
Lock
The Next Time Someone Intimidates You, Here's What You Should Do
5 Ways to Manage Your Mental Health and Regulate Your Nervous System for Sustainable Success

Related Topics

Business News

'Do You Hate Me?': High School Teacher Shares Wild Emails He Receives From Students

Jordan Baechler teaches high school students in Ontario, Canada.

Business News

After Being Told They Could Work From Home Forever, Employees Made Major Life Changes. Then, a New CEO Ordered Them Back to the Office.

Farmers Group CEO Raul Vargas is facing backlash for the change, but he says being in the office brings more "collaboration" and "innovation."

Starting a Business

Starting a New Business? Here's How to Leverage Transferable Skills From Your Prior Careers and Drive Success

Launching your own business can be daunting, but when you harness the skills from past jobs, there are a variety of things you must ask yourself. Here are three recipes for success using your prior experiences.

Growing a Business

Do You Say 'Like' Too Much? Don't Worry! I'm a Sociolinguist, and I Like 'Like.'

The modern use of the word is denigrated through and through. But it may be doing more communicative heavy lifting than we give it credit for.