
Attacks are on the rise

No, you're not paranoid. Wayne Rash warns that the number of attacks on Internet-connected networks is increasing, with no sign of letting up. Here's what you can do to stay in the clear.
Written by Wayne Rash, Contributor
It's not just your imagination. They really are out to get you. While it's true that being a security manager these days requires a certain amount of paranoia, what you're seeing is real. Attacks on Internet-attached networks have increased substantially, and show no sign of abating.

According to a report by Riptech, a security services provider in Alexandria, VA, such attacks are up 64 percent in the last six months. More sobering are reports from Riptech and others that this is just the beginning. The number of cyber attacks is going through the roof.

If you've read about these reports, you probably took some comfort in seeing that these attacks are mostly focused on either the biggest companies, or on certain types of companies, such as energy producers and utilities. The implication is that if you're not huge, and not in a targeted industry, you have relatively little to worry about.

If you believe that, you are, of course, fooling yourself. Being smaller is no protection, nor is being in an industry that's not being targeted. In fact, hackers or terrorists might attack your company in order to home in on your business partners. In other words, attackers could use your company as a bridge to attack another company. For all the damage this will do to your business relationship, you might as well have been the target of the attack in the first place.

To avoid being easy prey to an attacker, you have to set up strong defenses that will force the bad guys to look elsewhere.

Fortunately, most of the steps are fairly simple, if you can force yourself to take them. According to William Hugh Murray of TruSecure, a security think tank based in Herndon, VA, two of the steps include unhooking your workstations and servers from analog phone systems, and making sure you have strong authentication requirements on all gateways and network applications.

According to Murray, one of the most effective ways to compromise a network is to dial into an administrator's workstation repeatedly, perhaps for months, to gather all the necessary information, including passwords, security configurations, settings, and authentication details. This works because most administrators' workstations have an analog connection for providing remote assistance, analog dial-in security is usually fairly weak, and the risk of detection is low.

Many serious network attacks start with what's called a "war dialer." This is software that commands a dialer to try every available number and listen for the telltale tones of a modem. The software records those numbers, which the attacker later uses to attempt a network break-in. The process is made easier and quicker because even moderately sized businesses will usually have a defined range of phone numbers assigned to them. To break into a particular business, all you need to do is try the numbers within that limited range.
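
The defender's view of that pattern, as an added example that is not part of the original column: a script that scans call records for a single caller placing brief calls to many different numbers inside your assigned block. The record layout, the thresholds, and every phone number below are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed call records (fictional 555-01xx numbers): caller, dialed, start, seconds.
SAMPLE_CDR = """\
caller,dialed,start,seconds
2025550100,7035550140,2024-01-15T02:00:05,9
2025550100,7035550141,2024-01-15T02:00:40,8
2025550100,7035550142,2024-01-15T02:01:15,31
2025550100,7035550143,2024-01-15T02:01:50,7
2025550100,7035550144,2024-01-15T02:02:25,9
2025550100,7035550145,2024-01-15T02:03:00,8
3015550177,7035550142,2024-01-15T09:15:00,420
3015550177,7035550142,2024-01-15T14:30:00,12
4105550123,7035550141,2024-01-15T10:00:00,15
4105550123,7035550199,2024-01-15T10:05:00,11
"""

def load_calls(text):
    """Parse call-record text into (caller, dialed, start, seconds) tuples."""
    return [(r["caller"], r["dialed"], datetime.fromisoformat(r["start"]), int(r["seconds"]))
            for r in csv.DictReader(io.StringIO(text))]

def find_sweeps(calls, block_start, block_end, window=timedelta(minutes=30),
                min_targets=5, max_seconds=30):
    """Return {caller: sorted numbers} for callers whose short calls reached at
    least min_targets different numbers in the block within one time window."""
    by_caller = defaultdict(list)
    for caller, dialed, start, seconds in calls:
        # Assumed heuristic: a sweep produces brief calls across the company's range.
        if block_start <= int(dialed) <= block_end and seconds <= max_seconds:
            by_caller[caller].append((start, dialed))
    sweeps = {}
    for caller, hits in by_caller.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:  # slide the window forward
                lo += 1
            targets = {d for _, d in hits[lo:hi + 1]}
            if len(targets) >= min_targets:
                sweeps[caller] = sorted(set(sweeps.get(caller, [])) | targets)
    return sweeps

if __name__ == "__main__":
    for caller, numbers in find_sweeps(load_calls(SAMPLE_CDR), 7035550100, 7035550199).items():
        print(f"possible sweep from {caller}: {len(numbers)} numbers tried")
```

Lines that show up in a flagged sweep are the ones to check first for an attached modem.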

While hackers and terrorists have different motives for the damage they do, the results are the same. Your data is lost or compromised, your business relationships are damaged, or your reputation is tarnished. Just because you're not in the Fortune 50 doesn't mean you can afford to believe it won't happen to you. As the growing number of similar attacks shows, it certainly can.

What other measures has your company taken to protect against malicious attacks? TalkBack below or e-mail us with your thoughts.
