Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.
Data Theft Overview
Hackers exploit computer weaknesses for various reasons—sometimes it's just for fun and status gain among peers but it can, and often does, get ugly. Other motives are data theft leading to monetary gain and obtaining information on political opponents—exemplified in the hacking of Hillary Clinton associate John Podesta—during the 2016 presidential election season—ultimately resulting in the disclosure of stolen e-Mails through Wikileaks. Hackers have various ways of stealing data but in this instance, it was done via a phishing attack—a technique used to trick e-Mail users into clicking on malicious links sent to them.
Ransomware is another prime example of a data theft technique. Once installed, the malicious software encrypts files that it infects, rendering them unusable and demanding a ransom to unlock the files. The first discovered instance of ransomware occurred in the late 1980s and since then, cybercriminals exploiting the lucrative market of data theft have increasingly used ransomware as a tool.
On May 7, 2021, Colonial—who owns and maintains a gasoline transport pipeline—reported that a ransomware attack against their computer infrastructure caused the pipeline to shut down, rendering a major gasoline shortage on the East coast of the United States. Hundreds of drivers were affected and began panic buying gasoline.
Ransomware typically gets installed unknowingly by internet users who download free programs, often from websites that are controlled by cybercriminals. The programs come in the form of—including but not limited to—games, word-processing software, facial cosmetic apps, and computer maintenance software. The latter is often used by cybercriminals because all computer users want their devices running smoothly and problem-free. When the programs are installed, malicious software of many sorts is unknowingly installed by the computer user.
How often do you run across websites where a "warning" message flashes on the screen prompting you to download and install an antivirus program? Ironically, that software has a hidden virus in it. Drive-by-downloads fall into the same category, where virtually no user interaction is required to become infected—when visiting a compromised or fraudulent website, computer hackers can, by automation, install malicious software onto a device via security vulnerabilities on the devices.
Programs free of charge are generally appealing, although there is no rule that ransomware is installed only by downloading and installing programs. Disgruntled employees who are computer-savvy and have direct access to their employers' computers have been known to compromise the systems in various ways.
A Broad Understanding of Computer Security
Data security encompasses a wide range of computing concepts. Many computer users erroneously believe that installing an antivirus suite on their device and turning on its notification settings is sufficient for securing their computers. Integrating common sense into the day-to-day usage of computers is an important add-on—if something seems fishy, then there's probably foul play at work—and there are plenty of articles related to safe internet surfing where tips can be gained regarding this.
Physical security is an often overlooked facet that results in stolen computers, especially laptops and smartphones. Folks love working and hanging out at those luscious coffee shops. Occasionally when they step off to the side for a restroom break or get distracted, devices end up stolen.
For the business that keeps their computer servers on-site, there should be dedicated rooms with locked closets, for best practices. Alarms and security cameras are a bonus if the budget justifies the cost. In addition, access restrictions and other rules can and should be implemented in a security policy—a comprehensive set up rules for employee computer usage.
What happens when it comes time to get rid of devices that are broken or outdated? Device discarding should be implemented in a secured way. There are various ways to retrieve data stored on computing devices—this is true even if they are damaged or the data stored inside has been deleted—merely deleting files does not necessarily render data unreadable.
There are recommended and professional ways to render data unreadable on used computing devices. Professionally built hard drive destroyers are a proficient way of accomplishing this, especially for businesses managing hard drive discarding on a large scale.
Computer Security Plans in Action
There's a lot of unsecured data in the world. Computer hackers know this, so it's just a matter of time before they conjure up a plan and steal it. On the bright side, there are also effective and efficient ways to mitigate the risk of data theft.
Computer user education, careful software vetting, physical security, and carefully planned network access policies should be part of serious computer users' security risk mitigation.
This content reflects the personal opinions of the author. It is accurate and true to the best of the author’s knowledge and should not be substituted for impartial fact or advice in legal, political, or personal matters.
© 2021 Dan Martino