SASHA TINSON
Graduate Surveyor,
Global Occupier Services
sasha.tinson@cushwake.com

A six-letter, all-lowercase password takes just
10 minutes to crack. Adding one uppercase letter
extends the time to decipher by 10 hours.
Using Common Sense in a Hackable World
However, much as one small change exponentially increases
one’s Internet safety, one minuscule slip dramatically
heightens one’s vulnerabilities. The threat of cyber-attacks
is evolving, shifting and more challenging than ever
before. Furthermore, the hackers behind these attacks are
becoming more sophisticated – and more dangerous.
In its most basic form, hacking involves unauthorized
access to an IT system. Even someone who accesses a
particular system without permission, simply to see what
is there, can be considered a hacker.
But hackers are more interested in gaining access to
systems for reasons other than a quick look-see. Those
reasons can range from causing cyber mischief, to stealing
sensitive data. As such, these hackers focus attacks on the
three pillars of network security: confidentiality, integrity
and availability, or CIA.
Attacks on network confidentiality: Attacks can include
packet capturing (stealing sensitive data), password
attacks (hacking user passwords of target computers)
and phishing/pharming (attempts to solicit sensitive
information via emails with fake URLs). The purpose is to
open breaches to steal sensitive information.
Attacks on network integrity: Events such as “data diddling”
(illegal or unauthorized data alteration), man-in-the-middle
(the attacker manipulates data as it moves
from one device to another), and session hijacking
(hacking a computer session to gain unauthorized access
to information or other services) fall under this umbrella.
Such attacks can ruin computer coding and render an IT
system unusable.
Attacks on network availability: In these attacks, known as
“denial-of-service” (DoS) or “distributed-denial-of-service” (DDoS)
attacks, a hacker sends a large number of service requests
to a system, with the intent of crashing a server.
Even as hack attacks are becoming more frequent, the
hacker’s profile has changed. They are no longer embittered
computer geeks who live in their parents’ basements. These
days, large cybercrime organizations
are responsible for stealing billions from
consumers and businesses. One such
organization stole $45 million from
worldwide ATMs in a coordinated attack,
created from a targeted network breach
that originally involved only a few banks
and a payment processing company.
Other attackers include the mischief-making,
prove-a-point hacktivists, and
nation-state hackers whose purpose is to
gain intelligence and secrets and disrupt
military infrastructure.
While it’s impossible to guard totally
against hackers, there are a few ways in
which organizations can make it more
difficult to access IT systems.
- Conduct a security audit.
- Ensure data encryption.
- Plan frequent backups.
- Implement frequent password changes with difficult passwords.
- Develop an accepted use policy.
- Train employees.
In the end, while more hackers will do
anything to reach their goals, common
sense, awareness and in-place policies
can help mitigate much of the security
danger that these individuals and
organizations perpetrate on IT systems
and, by extension, the population.
26 | Cushman & Wakefield