In today’s digitized world we are used to hearing about criminals taking to the cyber space looking for potential victims and conducting massive attacks. We have a picture of what these hackers are after and some of us, both individuals and organizations, may believe we are safe because we don’t fit the potential victim profile. The recent hacking attack on the New York Times showed the world that no one and nothing is safe from the cyber crooks.
In a January 30 article, the news giant claimed that it had been the victim of hacking attacks originating in China for 4 months. The crooks stole passwords to many reporters’ and employees’ computers and used them to gain access to the company networks. What’s peculiar about these attacks is the fact that the hackers were not seeking access to customer data, but rather seemed to be interested mostly in the info related to the investigative reports on financial dealings of China’s “royalty”. The thing that’s scary is that the New York Times isn’t some cheap county newspaper, but one of the richest media companies in the world with a reputation that other media outlets look up to. They could afford the toughest security to protect their data, and of course they did have security on their networks that they thought was good enough.
The hackers that attacked the New York Times used more advanced malware and infiltration techniques than the company could have expected. Especially if the allegations that the attacks were carried out by the Chinese military are true, the hack teaches the world a valuable lesson – hackers may choose unexpected targets and look for unexpected gains from their attacks. It’s not just the money that can be made from collecting personal ID and financial information, but so many more things can present an attractive catch for cyber attackers.
What people need to learn from this attack is that every organization, no matter big or small, needs to assess the information that is stored on its computers in terms of how valuable it may be and how dire would be the consequences if the info got out. If the data is of value, we have to think about the toughest protection for it that can be acquired. An antivirus program is rarely good enough when your data becomes the object of a targeted hacking attack carried out by experienced individuals with advanced tools and technologies. We should also remember that hackers may use employees’ personal computers, which may not have very good protection, to gain access to the company’s network, so teaching employees cyber safety rules and ensuring they use the same tough security tools is another important aspect of protecting your data.
Hackers’ getting more and more sophisticated in their methods gives us, law-abiding citizens, more reason to tighten defenses and exercise stricter vigilance, regardless of whether we believe the information we possess may be of interest to criminal groups.