Protection of business data from hackers

By Damith Kurunduhewa

A young cyber wizard was just meditating with the computer screen. He is glued to it like a statue; his eyes are totally focused on a tiny blinking icon on the screen and his stretching concentration obviously is in the Theta brain wave layer. At times, he types few alphanumerics in the computer key board. A picture perfect studious young man - one might think.

But, it is not to be. He is already a seasoned HACKER - a corporate data thief who patiently waits at the cross border point of a well protected corporate data base.

At some moment during the same day, a system administrator of a Blue Chip conglomerate elsewhere - enters his password to gain access to his company database as part of his routine tour of duty.He little realizes that there is a stranger at a distance - waiting patiently and silently at the entry threshold to gain access to the same database via the web - ILLEGALLY.

As the system administrator unlocks the multi layer access control for a moment - the hacker too enters into the data base - together with the administrator - yet invisibly. It is two people - two routes and a single access path scenario!

The hacker now sleeps within the data base, until up to the time that the administrator completes his legitimate tasks and leaves the base. That is the celebration time for the hacker to get up and get active. And that exactly is what he does.

He succeeds to penetrate into the business data files that he was looking for. The Silent Damage is Done!

This is the outline summary of an actual software data theft that was committed in Sri Lanka - a few weeks ago. The network intruder detection indicators eventually picked up the traces of penetration - but it only presented a Post Mortem value - as the confidential corporate data has already been exposed and stolen.

Information Technology Security or better known as IT Security is an integral portion of corporate information management. It is a highly diverse spectrum that spreads from - person to person dialogs up to automated satellite data transmissions on shore to shore basis.

The software data protection is an ever changing facet in corporate security. The data in the form of software inside the computers, storage devices and data bases carry vital details that has both strategic and application value for a business organization.

The data risk is in existence at all levels - be it a micro computer, network architecture or web server mechanism. The core threat to software data protection is the unauthorized logging that rolls in by way of (external) data hacking and (insider) data tapping.

Both avenues are extremely risky in terms of business protection and its viability which therefore, demand the attentive focus of the top management layers of any premier company.

The Risk Spread
The data security is principally based on two reliability factors - The data confidentiality and the data integrity. The software intrusions are planned by hackers in clinical precise and they exactly know when, how and where they can or should penetrate in to a protected system.

The core risks in a computer data ambience can be simplified as,

Data Reading and Capturing
Modifying Existing Data
Creating False Data
Deleting Existing Data
Hiding Existing Data
Transmitting Specific Data
Transporting Stolen Data
Duplicate Storage
Immediate Virus Attack
Sleeper Virus Planting

The protection against these risks is made difficult by the day - with the introduction of wireless technologies in the form of Wi-Fi and Blue Tooth, etc where the (innocent looking) system attacker or data thief only needs to reach the wave zone to commit the crime - from just outside a protected ring.

IT Security Planning
Like in all areas of professional corporate risk management, the IT security management too is in demand of "an ultra imaginative - unorthodox - penetrative brain" behind the initiative. The people reliability on which the data system has to depend - creates the base platform of the IT protection planning. It begins with a scanning to determine how sincere their MOTIVES are - and will be!

Once the HR factor is filtered at the levels of conceptual, procedural and application perspectives - at the next plane we need to design data classification, user controls and logging mechanisms on SYSTEM SPECIFIC basis.

In order to make the data protection initiative a holistic effect - a sensible data backing up, indepth fire walling and data base intruder detection mechanism should be brought in place - supported by an executable IT crisis response and recovery plan.

There is a verse that says "Believing in yourself is the first step to success" – and the hackers strongly do believe it. Yet, success in his or her deceptive intrusion means a FAILURE in your business. It’s time that we care to take care!

The author is Strategic Security Specialist / Pragmatic Trainer & CEO of Strategic Security Solutions. He can be reached at - solutions@sltnet.lk