How To Protect Your Digital Wealth

By Author: Elisabeth Craft
Total Articles: 1
Comment this article

Today, in the era of Wikileaks, almost everybody is concerned about protection of his digital wealth. Financial losses caused by malicious hacker's activities are growing every year. At the very beginning of August 2011, McAfee said it had uncovered an infiltration into more than 70 organizations and governments worldwide. This sad case can be explained, because corporations, governments and individuals prefer to act only after an incident, and only few of them take preventive measures. In some cases the situation is even worth: there is no reaction even after the incident or data loss.

It seems that security solutions and products that exist today simply don't work, or at least are not working properly. However it is too early to give up because the solution exists, and current situation can be significantly improved. Performing my research to find out which measures can be taken, I have found a security testing service called "Ethical Hacking". The idea is quite simple and exists for about 10 years: you engage hackers (more often they are called security auditors - not to scare customers) to penetrate into your network, ...
... or into any other information system such as SCADA. They will work with your legal permission and authorization, under your total control and surveillance, and certainly with a strict NDA signed. Upon the completion of their work they will provide you with a report explaining how they managed to get in, and with recommendations how to harden security of your systems.

I have discovered ethical hacking myself after reading McAfee's report, which was commented to the Swiss medias by an expert from ethical hacking company High-Tech Bridge SA (HTBridge). After careful examination of High-Tech Bridge website, I have found few different approaches to the mentioned above security testing: internal, external and hybrid. The last one was the most interesting for me as it represents mixed and highly-complicated attacks. For example High-Tech Bridge's team offers to perform an attack from a trusted network (e.g. partner's or client's network) or from a stolen or lost corporate device (e.g. notebook or smartphone). Internal security testing offered by HTBridge is also interesting as it offers a module of malicious employee's behavior simulation. As many security experts say the biggest risk to companies today is not external hackers, but insiders. So, internal attack simulation service offered by High-Tech Bridge can be very useful these days to find out what can dishonest staff do to your business.

High-Tech Bridge also explains on their website different methodologies and security testing standards that are accepted and used worldwide. Despite that such standards exists, we can conclude that not many companies and governments use such services as offered at HTBridge regularly enough. Quoting High-Tech Bridge's website: "It is impossible to verify how an airbag in your car works without inducing a car accident. However, if the airbag does not work during the accident it will be too late to do anything" I can say that we can avoid seeing the next McAfee's report if we spend a little bit more time and budget on professional security testing. Unfortunately for many companies mentioned in the McAfee report, commented by HTBridge experts, it is already too late to do anything. However they still can, and should, prevent such problems in the future.

My conclusion is very simple: we should use a proactive approach to information security to save money, time and reputation. We should not wait until it is already too late. Use ethical hacking services offered by High-Tech Bridge SA (or any other company with verified background and solid reputation), or at least promote this article to your IT manager so he can think twice before allocating his new budget. Or simply bookmark HTBridge's website: www.htbridge.ch.

You can also stay updated with the recent news, interviews and press releases of High-Tech Bridge on various social networks:

High-Tech Bridge/HTBridge Facebook

High-Tech Bridge/HTBridge Twitter

High-Tech Bridge/HTBridge LinkedIn