There are few things that you consider when forming a cybersecurity framework. Naturally, chief among them are the perpetrators such as hackers who engage in mysterious online threats by constantly adapting to new technology. These hackers might seem indomitable, clever, and always working to break down security. Yet, this is not necessarily the case. What if the nature of the threat was different? What if anyone could become a top-level hacker without sufficient knowledge of computer programming? How might a business address this issue and anticipate a different threat?
What is the nature of the threat?
On the issue of hackers, while there are certainly those who have the skills to access systems, but they are not the only threat. There are three kinds of hackers: First: “white-hat” hackers, who will hack to expose security flaws for a company. Second, “black-hat” hackers who hack to cause harm or gain profit. Third, “script kiddies” who are an offshoot of black-hat hackers. These script kiddies tend not to have the technical skills of a black-hat hacker. Instead, they rely on pre-existing tools that black-hat hackers disseminate. This allows a script kiddie to engage in a more advanced attack and cause harm. One particularly notorious instance occurred on February 7, 2000, where a 15-year old launched a massive DDoS attack using a slightly modified tool that was downloaded online.
Essentially, the hacker who is attacking an individual or a business may not be an advanced computer user. It is effectively easy as purchasing a virtual weapon and unleashing it. This opens an issue to damages–both to the individual and hacker. Without knowledge, they could potentially cause widespread damage by applying the malware blindly. Yet, the advantage is they may also fail to mask their Internet Protocol, or hide their identity, which makes it easier to locate, identify, and charge the perpetrator.
What plans can be used to protect yourself?
When dealing with the issue of Script Kiddies, like with any hacker issue, there is a three-prong plan:
The first prong is knowledge, both about the most-recent security measures and security exploits. The latter is especially important as it should help prepare a business and tip off what could occur in the future. Furthermore, there are multiple online sources, detailing the basics of being a “script kiddie,” which tools they might use, and how they may aim to employ an attack.
The second prong is employing white-hat hackers. Some businesses, like Google and Facebook, offer bounties. While those bounties may be high, offering rewards for friendly hacking could pay off in avoiding future costs. Adding on to this culture are competitions on white-hat hacking to figure out how to block potentially-malicious attacks by exposing security vulnerabilities. Even maintaining some awareness of recent white hat exploits may help to patch security vulnerabilities.
The third prong is ensuring proper security measures or “safe computing.” For example, one should make sure that proper antivirus and firewalls are up, require multi-factor authentication, and create multiple backups in different locations. In addition, avoid plugging in unknown USB drives, connecting to public networks, and opening suspicious email attachments. In general, script kiddies attack in the ways we’ve discussed beforehand. This is important as any method used to avoid other hackers will probably apply to script kiddies.
At our law firm, we assist clients with legal issues related to internet, technology, and cyberspace laws. Please contact us to set up an initial consultation.