OFFICIAL PUBLICATION OF THE COLORADO BANKERS ASSOCIATION

Pub. 10 2020-2021 Issue 6

Six-degree Hacker Assessment: Is Your Information at Risk?


Organization leaders and stakeholders are asking: “Are we vulnerable to hackers?” A six-degree hacker assessment will provide answers by testing each layer based on current hacking trends and real-world threat scenarios.

1. Internet: Internet-accessible information and systems are the public face for every organization. Unfortunately, this information and these systems can be used by hackers to gain unauthorized access to your internal network, or worse, your most critical data.

2. Social: Users are an organization’s critical line of defense in securing and protecting information and assets. They can intentionally or unintentionally pose a risk to an organization by not exercising due care. Social attacks target staff who do not properly understand their roles and responsibilities regarding information security. Not to be outdone (but often overlooked), physical building and network controls are just as important for thwarting the common social attacks responsible for several recent well-known breaches.

3. Peripherals: Today’s decentralized physical and logical security models give staff responsibility for critical physical devices and data around the clock, with access provided through firewalls and VPNs. Our mobile workforces are armed with laptops, mobile phones and tablets, any of which could result in a significant data breach if left uncontrolled. If configured improperly, our firewalls and VPNs create potential tunnels into the core of an organization.

4. Passwords: Currently, passwords are the single most important line of defense when controlling access to data and systems. Passwords grant access to remote access VPNs, networks, applications, databases and sensitive file shares. Practices of password sharing, password reuse and poorly chosen word combinations have resulted in many of the breaches we hear about in the daily news. Password construction, use, and protection practices are, without question, one of the most important security control layers for organizations today.

5. Systems & databases: Applications, databases, and networks house critical organizational data, including the security controls critical to protecting an organization’s vital data assets. Improper access controls, system misconfigurations, outdated versions, or missed patches often result in unwanted holes which, if left unaddressed, can lead to a system compromise or, worse, a breach of critical company data or confidential customer information.

6. Network: Networks allow users, customers, and vendors to communicate effectively and operate efficiently. When designed with security in mind, networks can limit the ability of hackers, viruses, ransomware, and malware to move freely between systems. Also, hackers compromise networks an average of 90 days before being discovered. Often, this is the direct result of weak or nonexistent detective controls. In today’s world, a proper network, one designed with security in mind, is essential for any company, regardless of industry.

Cybersecurity includes applying administrative, technical, and physical controls to protect against threats to the confidentiality, use, and integration of technology throughout organizations. Today, those threats affect more than just IT — they affect the entire organization. With that in mind, an organization-wide security strategy is essential for successfully protecting confidential data throughout the organization. A six-degree hacker assessment can help you focus on developing solutions for the areas that present the most risk to your organization.