Understanding Hacking and What You Must Do to Protect Your Systems - dummies

Understanding Hacking and What You Must Do to Protect Your Systems

By Kevin Beaver

Hacking, as those in the IT business knows it, has been around since the advent of mechanical systems and the earliest of computers. Truth be known, the concept of tinkering and modifying with the goals of learning and making things better (true hacking) has probably been around as long as mankind. But in more modern times, hacking has evolved to also refer to using and abusing computer systems for ill-gotten gains.

The criminal hackers always seem to have the upper hand. This is especially true for organizations that don’t poke and prod their own computer systems and software looking for weaknesses using the same tools and techniques as the bad guys.

Much of IT has evolved to defend sensitive information and systems against malicious and even unintentional acts that create business challenges. More and more organizations have their own staff, often large teams of people, to manage their information security. A critical component of this business function is a strong information security assessment program.

Often referred to as penetration tests and vulnerability assessments, the goal of these information security assessments is to find and fix the security flaws before someone else exploits them. It’s an important exercise for all types of businesses — both large and small — that requires good analytical skills, the ability to think like the bad guys, and, most important, common sense.

As with any business department or core business function, information security assessments must be taken seriously if business leaders want to prevent a data breach, network outage, or related security incident. This requires performing thorough security assessments periodically and consistently over time. But you can’t just jump in.

You need to think things through: First determine what you’ve got such as systems, sensitive information, and critical business partner and customer connections; then find out where it’s located; and finally analyze how it’s being used in day-to-day business workflows. Once you understand what’s what (and where), you can get rolling with trying to find the areas of your network — and the cloud — that are creating business risks.