Are hackers changing up their techniques as cybersecurity advances?
Hackers often don't need to hack, they go right through the front door by exploiting the basics of access. As cybersecurity evolves, so do hackers.
Here’s the reality. Malicious actors don’t need to “hack” you or find backdoors in software code to get to your sensitive data. They’re much more likely to just log in through the front door with your stolen or weak password. And given how many recent data breaches there have been (virtually every American has been affected), almost everyone is at risk of these attacks. Hackers can pretty much get anyone’s information on the dark web for pennies.
Generally, hackers look to exploit these basics of access. That includes weak passwords, lack of multi-factor authentication, brute force attacks, etc. After that, they look to other techniques.
Social engineering (often to enable phishing) is definitely on the rise. It’s easy these days to get deeply personal data from people’s online social media profile – who they’re connected to, their work history, or even their mothers’ maiden names. It’s possible to understand a person’s routine and build a detailed profile of their daily lives. That makes sending a very targeted phishing (spear phishing) email even easier and more realistic.
For businesses, “lateral movement” is an emerging threat to protect against. It involves hackers pinpointing vulnerable servers and endpoints, and then moving “laterally” into other endpoints and servers in an organization that may house data that is more sensitive. To prevent lateral movement, enabling an enterprise-wide identity and access management services is key, making sure that access is limited, and anomalies can be easily detected.
There’s no easy answer to preventing this. The best recommendations are often the most common sense. Be vigilant about checking incoming emails and messages, especially ones that may have unknown links in them or have an unusual attachment. Enable multi-factor authentication wherever you can.
This post originally appeared in a Quora Q&A session hosted in January 2020. Our CPO Archit Lohokare was asked to discuss the state of cybersecurity, Zero Trust, artificial technology and machine learning and working in the security field, among other things. Stay tuned as we share more of his answers in our blog!
Archit Lohokare
Archit Lohokare is Chief Product Officer at Idaptive, where he is responsible for product strategy, driving innovation, and bringing new products and services to market. He transitioned over to Idaptive as it was spun-out from Centrify, where—as Vice President of Product Management—he led the Identity-as-a-Service (IDaaS) and Unified Endpoint Management product portfolio. Prior to Centrify, Archit was Vice President of Products at Optymyze, where he led the product management team responsible for the company’s Sales Performance Management and Sales Platform-as-a-Service SaaS and PaaS solutions, securing a Leadership position in the first Gartner Magic Quadrant report on Sales Performance Management along the way.
Earlier in his career, Archit led Symantec's Cloud Information Protection Security-as-a-Service offering, and IBM's Access Management product line, comprised of Web Access Management, Identity Federation, Enterprise Single Sign-On, and Risk-based Access and Entitlements Management products. Archit joined IBM through the acquisition of Encentuate, a leading Bay Area start-up in the security software space; as an early employee, he had the opportunity to contribute to its successful exit.
Archit has an MBA from UC Berkeley-Haas School of Business, and a bachelor’s degree in Computer Engineering from NTU, Singapore, where he was awarded the SIA-NOL undergraduate scholarship by the Ministry of Education, Singapore.
Archit is an avid history buff, enjoys reading in his spare time and running breathlessly after his one-year-old, hyperactive son.
CHAMELEON-LIKE SUPERPOWER
If Archit could have any Chameleon-like superpower, it would be the ability to change colors quickly and adapt. “Actually, it would be like the ability of our IAM solutions to adapt instantaneously to a customer’s environment and user behavior. Anomalous user access? A snap! Presto, change-o – like a chameleon from green to red in an instant, adapt to the change in user behavior and request user to assure their identities using multi-factor authentication...”