A Trojan horse made of code

2019-10-10 | Publications / Resources

Whether it is a massive data leak of a financial institution’s customer details or a celebrity’s private photos, we are constantly reminded that when it comes to digital information, it is often a matter of when, not if, sensitive information will be compromised. For companies like EACOM, a breach can mean anything from financial loss to the total shutdown of its computer servers, bringing its sawmills to a standstill.

Teodor Nutu is a Senior Systems Administrator at EACOM’s Information Technology (IT) department. The team of five works hard to keep EACOM’s systems and operations running. A personal interest in cybersecurity prompted Teodor to take the lead on subject.

“Human error is our biggest challenge by far. Even the most robust security system can be breached by one wrong click. At EACOM, we have a two-pronged approach to tackling this vulnerability: education (awareness) and the use of next-generation technologies.”

All it takes is for one person to divulge their email and password in a targeted phishing attack and the hacker gains access not only to the entire corporate address book but also to every email ever sent or received by that employee (photos, passwords, financial information, contracts, clients and suppliers information etc.). It also allows hackers to exponentially mount attacks directed to all employees, clients, and suppliers.

“We imagine a hacker sitting in a dark room, trying billions of password combinations to break into an account, but most of the time, the information is volunteered by the victim through phishing attacks” explains Teodor. “A phishing attack is a convincing email meant to trick the user into clicking on a link or downloading an attachment that captures login information or spreads to other computers on the network. Ultimately, the goal is to encrypt files and paralyze entire servers, making them unavailable unless a ransom is paid.”

He has witnessed the evolution of the field over the last 20-odd years and recalls that his first job involved finding the right anti-virus software on a floppy disk without the aid of the internet. At the time, computer viruses were mischievous and even humorous but as financial transactions shifted to digital platforms, computer malware became very profitable. The tools to fight attacks have also evolved to cloud-based pattern recognition where the end-point protection provider aggregates data from attacks and develops specific solutions.

One suggestion for staying safe? Passphrases. A single word, even with special symbols is not enough, especially when used to access multiple accounts. A sentence like
“It’s 5:54AM” is easy to remember, contains many different characters and is harder to crack.

“We are always vigilant as these attacks evolve daily and we need to adapt quickly. As everything becomes more interconnected, we must ensure that we have a good disaster recovery plan. October may be Cybersecurity Awareness Month but we need to exercise good judgement and be aware year-round” concludes Teodor.