It was a stealth attack.
It was deliberately targeted, frighteningly fast, disturbingly easy and alarming for its potential not just to bring a multi-million pound global company to its knees but also for the chaos it could have caused the company's millions of clients worldwide.
It took just two hours for hackers to access every single file on every single computer including the credit card information of every single client of a company worth 800 million pounds a year.
This wasn't Sony. And this wasn't some shady, underworld hacking ring, penetrating the company's IT security for either financial gain or glory. This hack was done from the comfort of a seaside office on England's south coast.
It was done using nothing more than a PC and an internet connection, and the men who did it were paid to do it by the very company they were hacking into.
Welcome to the world of ethical hacking: the simulation of criminal attacks on an organisation's systems, premises, or people or a combination of all three with the written legal permission of all parties involved. It's all done to determine vulnerabilities which could be exploited by an attacker with criminal intent.
In a world where companies are grappling with the IT security challenges presented by modern computing, the cloud, social networking, consumerisation and mobility and where even the most high-profile and presumably tech-savvy companies like Sony can be hacked and have their embarrassment aired for all to see ethical hackers are increasingly being seen as the professionals to turn to.
"Most successful attacks are a combination of unfortunate mistakes on the part of the victim," ethical hacker Peter Wood (below) explains.
"So in the example of RSA and in the example of Sony, it won't be one mistake. It might look like that, it might be what the press might portray, but actually it will be a cascade of mistakes that portray a systemic problem with the victim."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
'You need your own bots' to wage war against rogue AI, warns Varonis VPNews Infosec pros are urged to get serious about data access control and automation to thwart AI breaches
-
CrowdStrike CEO: Embrace AI or be crushed by cyber crooksNews Exec urges infosec bods to adopt next-gen SIEM driven by AI – or risk being outpaced by criminals
-
Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstreamNews RSA keynote paints a terrifying picture of billion-plus GenAI users facing innovative criminal tactics
-
APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source componentsNEWS Apps and APIs bear the brunt as threat actors pivot to living off the land
-
AI is changing the game when it comes to cyber securityNews With AI becoming more of an everyday reality, innovative strategies are needed to counter increasingly sophisticated threats
-
RSAC Chairman urges collaboration to ensure collective defense in securityNews Chairman emphasizes the critical need for cooperation among cyber security experts
-
IT Pro Live: The future of encryptionVideo AI and quantum ccomputing could be about to change the face of security forever
-
Mobile apps now most common method of fraudNews RSA Security report highlights the rise in burner devices and rogue apps
