Foreign Governments Are After Your Business Information, Money and Data

International digital espionage has been a poorly kept secret, but in the last couple of years, the lid has been blown off state actor efforts to steal information or money from companies, or hold them to ransom, with broad-based efforts to break into any company, whatever the actual value.

By Chris Knight

Iran, North Korea, failed states and major world powers are all involved in concerted hacking efforts. You might think they are aimed at the U.S. Government, Defense Department and businesses that build planes, ships or are involved in billion-dollar deals. Yes, those are targets, but well-defended ones, so hackers will take what they can get from less protected sites and businesses.

In reality, they are hacking with automated tools that sweep across billions of IP addresses and endpoints daily, and will happily steal from 100 small businesses that can provide them with high-value U.S. or European currency, credit card or personal data files they can sell on black markets, or cryptocurrencies they can siphon off for their own deals. A recent United Nations report singled out North Korean as having grabbed over $2 billion for their own uses to counter world sanctions and to help fund their own nuclear efforts.

This puts every business at risk and makes having solid defenses a requirement for any type of company, from a growing array of hacking tools. U.S. Cyber Command recently released some examples that the North Koreans are using, one example being “Electric Fish” that creates a digital data tunnel through which data can be leaked through a backdoor to their own servers.

How to Protect Against the International Threat

Modern IT security has moved far beyond the need for a firewall and antivirus software. Every connection and link could be a weak point, every printer, router and smart device a risk. The risk grows as hardware vendors use unbranded parts, chips and circuitry, mostly from Chinese factories, to reduce costs. They could contain their own digital payloads to make something seemingly innocuous like a cheap webcam or wireless router into a potent weapon.

Therefore the security needs of any business need to enterprise-grade regardless of their actual size. They also need to be smart, working proactively to counter threats the day they are created, using penetration testing to ensure your network is secure, good administration practices and auditing to ensure every cloud feature like Amazon AWS, GDrive and service is protected.

Busy growing companies often lack the skills to build a secure network, while startups often go with off-the-shelf tools but don’t know how to properly manage them. All of these create risks that can be managed by partnering with an IT and security expert to help build a secure solution, with the tools to manage the security on your behalf with backup and recovery services to help in the event of any type of IT failure.

As the number of IT-based heists booms, and events like data-ransomware grow, it is only a matter of when your business will fall prey to some kind of attack. Perhaps it only some low-end chancer demanding a few bitcoin, but if all your data ends up on the dark web, or a foreign power wipes out your bank accounts or corporate credit cards, your business may struggle to recover, making solutions and services from vital to fighting this battle for you.

Regular Amazon Cloud Leaks Highlight the Risks of Third-Party Cloud Storage

A hobby for many security consultants is finding easily, exploited weak spots in major cloud storage and service providers. These guys do it with a positive mission, but we guarantee the criminals out there are doing the same thing and will be delighted to steal your insecure data.

By Chris Knight

Kevin Beaumont is a high profile security consultant and when he tweets about weaknesses in cloud systems (like the recent Capital One leak from Amazon’s AWS) you can bet plenty of hackers are taking notice. That and when Amazon S3 data buckets are a high profile topic of discussion at DefCon hacker events, you just know the risks of using them in an insecure manner are high.

The issues are two-fold. Despite the automated nature of using cloud services, there are still people involved, and all it takes is one grumpy current or ex-employee with the right log-in details to siphon off your data, or there can be someone working at a third party with access who might decide they can make some money.

The second issue is the classic use of weak passwords/login details and not checking system logs to see who is accessing those services and your data. So many businesses are reliant on their data, but lack the time or security awareness to check the data is secure and that access rights are managed, and passwords changed on a regular basis, especially when someone leaves the business.

There’s a risk that many businesses don’t even know what an EBS snapshot is (elastic block storage). If these are not correctly configured, anyone can go browsing through them and find data, application keys and other information of use, putting the entire business at risk.

Protecting Your Cloud and Other Services

This hacker’s paradise is the result of businesses lacking the basic security information or expertise as they grow. IT security awareness needs to be at the heart of every business decision and IT process, from secure networking to strong access rights. And if your company lacks that knowledge then a secure partner needs to be involved, and today is the bare minimum you should be starting on that journey as tomorrow could be too late.

Without securing the business, your client information could be stolen leading to prosecutions and fines. Your databases could be kidnapped by ransomware or wiped, crippling the business, or sold to rivals. Even losing access to services can damage a company’s reputation and revenue.

As the number of IT-related security incidents grows, your business might not seem like a target. But, the more cloud and third-party services you rely on – and the more people who have access – the risk increases. Amazon and other cloud providers has their own security, but it is down to individuals to manage all the features and settings properly, something that creates weak points, especially when all eyes are focused on growing the business.

Having an expert on hand can bolster your security and identify weakpoints across the businesses’ IT infrastructure, making’s services an essential that could save any company from a crisis or prevent it from going out of business.