SASHA TINSON

Graduate Surveyor,

Global Occupier Services

sasha.tinson@cushwake.com

A six-letter, all-lowercase password takes just 10 minutes to crack. Adding one uppercase extends the time to decipher by 10 hours.

Using Common Sense in a Hackable World

However, much as one small change exponentially increases one’s Internet safety, one minuscule slip dramatically heightens one’s vulnerabilities. The threat of cyber-attacks is evolving, shifting and more challenging than ever before. Furthermore, the hackers behind these attacks are becoming more sophisticated – and more dangerous.

In its most basic form, hacking involves unauthorized access to an IT system. Even someone who accesses a particular system without permission, simply to see what is there, can be considered a hacker.

But hackers are more interested in gaining access to systems for reasons other than a quick look-see. Those reasons can range from causing cyber mischief, to stealing sensitive data. As such, these hackers focus attacks on the three pillars of network security: confidentiality, integrity and availability, or CIA.

Attacks on network confidentiality: Attacks can include packet capturing (stealing sensitive data), password attacks (hacking user passwords of target computers) and phishing/pharming (attempts to solicit sensitive information via emails with fake URLs). The purpose is to open breaches to steal sensitive information.

Attacks on network integrity: Events such as “data diddling” (illegal or unauthorized data alteration), man-in-the-middle (the attacker manipulates data as it moves from one device to another), and session hijacking (hacking a computer session to gain unauthorized access to information or other services) fall under this umbrella. Such attacks can ruin computer coding and render an IT system unusable.

Attacks on network availability: In what are known as “denial-of-service” (DoS) or “distributed-denial-of-service” (DDoS) attacks, a hacker sends a large number of service requests to a system, with the intent of crashing a server.

Even as hack attacks are becoming more frequent, the hacker’s profile has changed. They are no longer embittered computer geeks who live in their parents’ basements. These days, large cybercrime organizations are responsible for stealing billions from consumers and businesses. One such organization stole $45 million from worldwide ATMs in a coordinated attack, created from a targeted network breach that originally involved only a few banks and a payment processing company.

Other attackers include the mischief-making, prove-a-point hacktivists, and nation-state hackers whose purpose is to gain intelligence and secrets and disrupt military infrastructure.

While it’s impossible to guard totally against hackers, there are a few ways in which organizations can make it more difficult to access IT systems.

>> Conduct a security audit.
>> Ensure data encryption.
>> Plan frequent backups.
>> Implement frequent password changes with difficult passwords.
>> Develop an accepted use policy.
>> Train employees.

In the end, while more hackers will do anything to reach their goals, common sense, awareness and in-place policies can help mitigate much of the security danger that these individuals and organizations perpetrate on IT systems and, by extension, the population.

26 | Cushman & Wakefield