In light of the NASDAQ Stock Market publicly confirming that it was the victim of a hack, technology experts are predicting this is in fact the start of a larger string of hacks targeted specifically at exchanges.
The NASDAQ hack was aimed at a service which lets business leaders share confidential information – by accessing sensitive documents like this, hackers could have made significant money based on the insider information.
Similarly, according to a report out in the US last week, 20% of emails that come from the US government to external parties are falsified with the intention of seeing personal information.
These previously secure environments have opened up internet services to their stakeholder communities, which in turn introduce risks – hackers are very sophisticated at finding these weaknesses and exploiting them.
The NASDAQ hack is perhaps an example of the hackers’ mindset – nothing is too sensitive or too high profile for them to target. The EC carbon credits hack was another example of a highly targeted attack designed to make a lot of money.
The remedy for such cases is full and proper risk assessment of these systems before they go live instead of a tick in the box security assessment. It is a game of chess. Historically the miscreants have been underestimated but many are playing the game at grand master level and we have to think as many moves ahead as they do to remain secure.