If I can hack you then black hats can do it too
In the world of cyber, hackers take many different forms. There are black hats who use the web as their playground to commit crime, but there are also the white hats that hack organisations for good. Ethical hackers hack to help organisations improve the security of their systems.
In my job, I wear a white hat. I’m one of the good guys and also Scotland’s first ever chartered ethical hackers (Chartered Cyber Security Professional).
From my penetration testing business in the Outer Hebrides, I run assessments on organisations’ networks to help them identify weaknesses, so they can be secured, before criminals exploit them maliciously.
Given my position on the cyber frontlines, what advice do I have for businesses to help secure their systems?
Weak passwords
Everyone knows the risks of using weak passwords, but they plague organisations today.
A criminal only needs to compromise one valid password to access a corporate network, so when employees use easy-to-guess passwords or the same password across multiple accounts, they can deliver big returns for criminals with very little effort.
To counter password problems, organisations must adopt policies where employees are forced to use complex passwords that are at least 12 characters long and a mix of letters, numbers, symbols and capitals. Using Multifactor Authentication also provides serious improvements to defences.
Unpatched software
No piece of software is ever created perfectly, so patches to fix issues will always be released by product vendors. These must be applied quickly after release, because the longer unpatched bugs exist, the more time criminals have to exploit them.
Legacy equipment
Legacy equipment is hardware or software that is being used by an organisation long after its sell-by date. Because it’s old, it often no longer receives security updates, which leaves it ‘buggy’ and easy for criminals to target.
Not all legacy equipment can be updated easily, but organisations should pull together plans around upgrading equipment. Until upgrades take place, it is essential to segregate old technology from sensitive areas of the network and layer it with cybersecurity tools to prevent unauthorised access.
Do any of these issues impact your business? Fix them now, before it’s too late.
William Wright, CEO of Closed Door Security