IT leaders cannot be sleeping well lately. It seems that barely a day goes by without news of another stalwart company brought to its knees by cyber-attackers.
Many IT leaders are starting to realise that today's threat is significantly different from the waves of attack that came before.
A new environment
For one, cyber-attackers' motives have changed. In the past, hackers tended to be teenagers and malcontents, hell-bent on mischief and focused on destruction.
Their main objective was to inject viruses or mount massive denial-of-service (DoS) attacks to cripple any corporation or organisation within their reach. Today's hackers (or, more specifically, phishers) are much more sophisticated.
They are generally activists, criminals, competitors or even national governments who use stealth tactics to steal valuable information, either for personal gain or to expose company secrets to the world.
The mode of attack has also evolved.
Where hackers once relied on programming to mount a full frontal attack on firewalls and servers, today's cyber-attackers use information to con employees into opening the door for them.
As a result, they easily slip around the firewalls and sit — unnoticed by virus detectors — on networks collecting valuable data.
Phishing season is open
To better understand the risks faced by companies, we recently examined the publicly available information for companies on the Forbes 2000 list.
Using only the metadata found on their websites, our security analysts were able to acquire potentially useful information from more than three quarters of the websites they examined.
Besides hundreds of thousands of usernames and email addresses, our cursory review was even able to identify cases where companies were using out-of-date software with potential vulnerabilities. The full study findings will be released in September.