Not so startling revelations of how a hacker broke in

These 10 approaches are becoming all too common, yet users still fall for them.

Trust no one

At the heart of every exploit, the vulnerability always lies in the target’s trust for attacker-supplied input. This is true whether the attack is network-based or a hacker is trying to gain physical access to a specific location. To effectively mitigate risk, companies and individuals need to take the necessary precautions to keep data secure. The saying in the cybersecurity consulting industry is “trust, but verify.”

Mitigation works on the same principle. Companies and individuals need to verify that the link, person on the other end of the phone or information sent to their servers isn’t going to result in some unexpected error before allowing access. Joseph Hesse, director of the Labs division at Coalfire, offers 10 common ways hackers infiltrate secure systems.

CSO staff

Substandard passwords

At least one of your employees currently has a password that a hacker could easily guess (e.g., 'Fall2016!'). Unfortunately, passwords like this also meet policy guidelines, despite the well-documented risks associated with using them. Though cliché, make sure your employees frequently update their passwords and keep them unique enough to avoid being breached.
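An added example, not part of the original article: an audit check that shows why 'Fall2016!' passes a typical complexity policy yet is trivially guessable. The complexity rules, the month list and the character-substitution table are assumptions made for illustration, and the check generalizes the article's season-plus-year case to month-plus-year.

```python
import re
from typing import List, Optional, Tuple

def meets_complexity_policy(pw: str) -> bool:
    """Assumed policy: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

SEASONS = {"spring", "summer", "fall", "autumn", "winter"}
MONTHS = {"january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"}
# Common substitutions undone on the word part only (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})

def guessable_pattern(pw: str) -> Optional[str]:
    """Return a reason if pw is <season|month><year><symbols>, else None."""
    core = re.sub(r"[^a-z0-9]+$", "", pw.lower())   # drop trailing symbols
    m = re.fullmatch(r"(.+?)((?:19|20)\d{2}|\d{2})", core)
    if not m:
        return None
    # Drop a separator between word and year, then undo substitutions.
    word = m.group(1).rstrip("@#_-.!").translate(LEET)
    if word in SEASONS:
        return "season+year"
    if word in MONTHS:
        return "month+year"
    return None

def audit(passwords: List[str]) -> List[Tuple[str, str]]:
    """Passwords that satisfy the policy but match a guessable pattern."""
    findings = []
    for pw in passwords:
        reason = guessable_pattern(pw)
        if reason and meets_complexity_policy(pw):
            findings.append((pw, reason))
    return findings

# Constructed sample candidates, e.g. checked at password-change time.
SAMPLE = ["Fall2016!", "W1nter17#", "Summer@2024", "October19!", "tR7#kq!zP2vw"]

if __name__ == "__main__":
    for pw, reason in audit(SAMPLE):
        print(f"{pw}: policy-compliant but guessable ({reason})")
```

A check like this belongs at password-change time, where the candidate is available in plaintext, alongside a screen against known-breached passwords.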

Password reuse/sharing

Many employees use the same administrator passwords within their company’s system, which leaves the company vulnerable to cyber attacks. Unfortunately, many credential-theft techniques used to impersonate users are still alive and well. One common method is known as Pass-the-Hash. Using this technique, attackers can use these credentials to infiltrate and take over entire networks.

Phishing/Client side attacks

Spam filters do not prevent all phishing scams from getting through to your inbox. Additionally, employee mistakes continue to be one of the most common ways a company can be left vulnerable to a breach. Implementing products that help control where data can go can be effective, but not enough businesses are investing in employee education to help prevent breaches. To better protect your company, start employing better employee training and education practices so your employees understand their role in preventing cyber attacks.

USB drops

Many USB drives that are dropped by accident actually get plugged in out of curiosity about what could be found on the device. Unfortunately, some USB drives house viruses that can be harmful to your computer. Bottom line: don’t plug any unfamiliar devices into your computer or other hardware that contains sensitive or personal information.

Social engineering

This is the art of manipulating people or taking advantage of naivety so a person gives up confidential information. This tactic is used often because it is easier to exploit a person’s inclination to trust a source than it is to discover ways to hack a computer or software. Think about it in practical terms: would you rather ask someone for their password or hack their computer to find it?

Poorly coded web applications

Even the best developers are sometimes rushed. When a product is rushed and has not received a proper security review, bad code goes unnoticed. Hackers can leverage this for an easy way in.

Improperly implemented segmentation boundaries

Without proper segmentation, hackers can move from system to system looking for valuable information to steal. Companies need to make sure that they have a secure network design that slows down the rate at which hackers can move through a network.

Responder/SMB relay attacks to recover password hashes

One of the easiest ways to move around a network is by exploiting the SMB protocol and other broadcast-based protocols. The SMB protocol vulnerability was patched by Microsoft more than a decade ago, but hackers recently found that there is still a way to exploit the hole in the system. This attack affects Windows users.

Unpatched systems

Have an outdated system that you think the vendor is responsible for? If it is in your network, it becomes your responsibility. Keep your systems up to date.

Systems with default credentials

This common way for hackers to get into a system occurs when someone actively chooses not to set a password on something on your network. It seems illogical in this day and age, but it still happens quite frequently. Check with your employees to ensure that they are protecting critical information.