We’ve all read about various forms of cybercrime and its various levels of impact. Oftentimes we hear about a company whose network has been compromised, leading to the loss of sensitive information. But that’s just one scenario out of many. For example, who exactly is a hacker, and what’s the difference between malicious hacking and ethical hacking? And how do you define what happens after a successful hack? Is it a data breach or a security incident?
Before I dig in further to make sense of it all, note that all of this falls into three simple categories: those who break in, what they use to break in, and what happens after a break-in.
Who is trying to break into your accounts?
- Malicious hackers: A person or a group of individuals who make a concerted effort to break into an organization’s network or a personal computer or device to do harm of some kind. They are often in it to make money and work somewhere in the Dark Web. These individuals are called Black Hats. Malicious hackers can also be those who have been tasked, as citizens or otherwise, to instigate a nation-state-sponsored attack meant to disrupt operations or steal information from a government organization or company in the private sector within another nation-state.
- Hacktivists: A person or group of people who might either break in, or simply knock on the front door to prove they could break in if they wanted to. Hacktivists are not in it to make money. Their goal is to promote a personal or organizational agenda, or to effect social change. Basically, a hacktivist wants to make a point that networks and computers are not impervious to their attacks, and what they can view, extract, and share may be information they feel should be shared publicly. For example, WikiLeaks is a well-known hacktivist group.
- Ethical hackers: An ethical hacker, sometimes called a security researcher, will work to find and exploit a vulnerable piece of technology (aka a vulnerability). These individuals often identify a software or hardware flaw and inform the vendor that something needs a patch. For example, LastPass has a bug bounty program where security researchers can responsibly report any issues they find. When valid issues are found, we offer rewards proportionate to the severity of the issue. This is a great way to keep your product strong and safe.
What are they using to break into your accounts?
Software in the form of executable code or a script that has been programmed to break into a network or computer, to cause harm or not, has many names and forms. The overarching term for this is “malware,” which is shorthand for “malicious software.”
Malware essentially activates itself once it gains entry through a vulnerability. The code itself has many names and variants, including viruses, worms, ransomware, adware, and Trojan horses. Missing from the list is “bug” because it is a flaw (or mistake) introduced into existing software or hardware by the engineers who programmed it.
What happens after your accounts have been compromised?
We hear “data breach” in the news associated with companies like Marriott and others. A data breach is an after-effect of a security event or incident. From a legal perspective, what it is called makes a very big difference.
- Security event: This is when something has occurred that presents a security risk to any degree of severity. It is essentially a noticeable change in the typical behavior of a network, system, process, or computer. It can range from a normal event that does not require a response, to an emergency event which requires immediate action.
- Security incident: The difference between an event and an incident is human. An incident is something that can be determined to be caused by a person or group of people. An incident can become a serious situation when it is determined that there is malicious intent behind it. As a point of clarification, all incidents are a form of an event, yet not all events constitute an incident. For example, when there is a defect or flaw (aka our friend the bug), there may be a technical failure as a result. This is a random event, and not an intended, malicious one.
- Data breach: This is a type of security incident where sensitive information has been exposed and stolen due to unauthorized access. An organization that has suffered a data breach is bound by regulations such as HIPAA to inform those who have been affected by the loss of their personal information such as credit card numbers or patient health information (PHI).
How to Keep from Getting Broken Into
There are dozens of technologies and associated processes that are layered together to reduce the amount of risk to a reasonable degree. Gone are the days when an organization can comfortably say they are safe from attack. Nowadays it is more about knowing an attack will happen, determining acceptable levels of risk, and focusing on the areas that are most vulnerable.