H is for…

Hacking

I’m pretty sure that you’ve all heard the term “hacking”, and you probably know that it has negative connotations. But what exactly is it?

Put simply, it’s trying to get access to a computer or network using vulnerabilities in the security of the target. Note that I don’t necessarily say software: people can be hacked too, which is effectively what social engineering is. I won’t go onto social engineering here as it’ll be covered under “S is for…” later this year, so for the moment I’ll concentrate on hacking software.

Almost all software has errors in it which can be used to make the software do things the manufacturer didn’t intend. The bad guys know this, and spend a lot of time looking for those errors, then writing their own software to make use of these vulnerabilities (weaknesses): this process is called writing exploits.

The bad guys have a number of ways of getting their exploits to run on your systems: phishing emails are perhaps the most common and well known method, as are infected websites which download and install software in the background.

The best ways to protect your systems from hackers are:

• Change your passwords regularly and enforce long, complex passwords for administrator level accounts
• Keep patching and antivirus updated
• Ensure your systems are vulnerability scanned, preferably penetration tested, on a regular basis
• Ensure you / staff are trained to spot phishing emails

Hacktivism

Hackers who attack systems in support of a specific cause are engaging in hacktivism. Organisations like Anonymous rose to attention because they attracted hacktivists supporting different causes to attack companies which were involved in those causes.

Hybrid cloud model

As the name suggests, this kind of model is a mix of cloud and on-premise service provision. Some of the data / servers being used are in data centres run by your organisation, and some are in the cloud.