Keeping corporate IT systems safe from intrusions is a more complicated prospect today than it was even a few years ago. As more online systems become viable and useful business tools, hackers branch out, finding new methods of intrusion designed with these systems in mind. Legitimate developers have made stunning advances in defensive technology, but the sheer number of data breaches reported every year shows how far they have to go before companies' IT leaders can breathe easy.
"Every possible piece of information that could serve as a back door into company computers may become a target."
In addition to the standard attack methods, such as phishing, business owners should be aware of the more irregular ways hackers can compromise their systems. Every possible piece of information that could serve as a back door into company computers may become a target. This risk has led to types of fraud designed to steal firms' web domains, as well as hacking that goes directly through IP addresses.
Myth vs. reality
Before IT leaders can prepare themselves for an attack such as IP address hacking, they must understand what hackers can accomplish through that method. IP-based tech service What Is My IP Address explained that the the direct link between IP and user identity is a myth. There isn't a one-step way for a criminal to tell a person's identity through his or her computer's IP address. However, this fact doesn't mean hackers aren't interested in IP addresses. They may still use this string of data as a back door to access computers and cause havoc.
Security Sales & Integration contributor Michelle Mochalis tackled an opposite myth: Some company IT leaders believe that because their businesses are small, hackers won't care about figuring out their IP addresses and breaking in that way. Unfortunately, that's not true. Criminals often pick their targets by looking for weak defenses from an endless list of IPs, not caring what they may find until they gain access. Even small businesses whose networks hold relatively little data compared to massive corporations can be targeted.
What hackers want
The value of a vulnerable IP address may be measured in simple dollars and cents. Mochalis pointed out that the attackers doing the grunt work and creating programs that sift through the 4 billion or so possible IP addresses don't necessarily break into the weak addresses they identify. Instead, they sell their findings to other criminals who are interested in infiltrating computers to see what they can steal. In the case of businesses, they may be most interested in personally identifiable information or PII that can lead to tax fraud or identity theft.
What Is My IP Address added that each IP address is followed by port numbers. Every program has an associated port through which the system engages with the internet. These ports are what hackers will break into when they learn a computer's IP address and aren't stopped by security programs. Once they're in, what they'll be able to accomplish depends on the software breached.
"'Junior' criminals may cause full-scale data breach headaches for a company."
The source added that the hackers who break in through IP addresses may be "junior" criminals, unable or unwilling to carry out major crimes. That doesn't mean they're harmless, however. If they illicitly sneak into a program containing PII, this can be considred a data breach.
Ready for anything
Every type of hack and breach has to be considered when companies develop their security strategies, as it doesn't matter what kind of back door hackers find: any type of breach can cause financial and reputational damage, as well as be costly and time-consuming to repair. Companies with advanced monitoring capabilities and incident response plans may prove more capable of surviving hackers' toughest challenges.