While the tech sector is a pillar of efficiency and creativity, tech businesses are often vulnerable because of the type and amount of critically important data they handle. Tech companies are often at risk of cyber attacks from individual hackers, cyber spies, and nation-state-sponsored hacking groups.
In this post, we’ll look at common traits of tech businesses that can expose them to cyber risks and make them a popular target for cybercriminals. We’ll also consider where these threats come from, why the security of the tech industry is vital, and how tech businesses can improve their security postures.
What Attracts Hackers and Cybercriminals to the Tech Sector?
The tech sector attracts attention from malicious threat actors for the following reasons:
- They have valuable data, including sensitive information and intellectual property
- They are risk-takers and early adopters of new technology
- They often use cloud computing technology, which can pose a cybersecurity risk
- They often encourage the use of open architecture
- They often supply multiple firms, providing opportunities for supply chain attacks
The valuable data attackers are likely to find in a tech company includes personally identifiable information (PII) and intellectual property (IP). Tech firms such as software vendors and cloud operators hold valuable access credentials, personal data, and credit card details.
The biggest risk is that this data can be stolen and sold on the dark web. Cybercriminals can also use PII to bolster social engineering attempts, including phishing, or to commit identity theft, usually to make fraudulent transactions.
Stolen IP can also be a major problem for the tech industry. By their nature, tech firms tend to be at the cutting edge: their success depends on their ability to innovate, and they often aim to lead other firms in technological devices and software solutions.
IP theft can allow another firm to produce similar products or services without the time and financial cost of research and development. This puts the breached business at a significant competitive disadvantage.
Early Adoption of New Technology
Businesses in the tech sector tend to have larger risk appetites than those in other sectors. The greater appetite for risk is largely due to tech businesses pushing boundaries to innovate and provide cutting-edge products and services.
However, being an early adopter of new technology can also lead to cybersecurity problems, since new technology is typically more vulnerable than mature, well-tested products and services.
For example, staff working in tech jobs are more likely to use the latest 5G smartphones and apps to achieve their creativity and productivity goals. Newer technologies, such as IoT devices, including wearables, can introduce significant risks to a network by increasing its attack surface, with devices typically lacking adequate security measures.
While leading the way with cutting-edge devices and technologies for their workflows and staff, tech companies are likely to make their networks more vulnerable, because new technology tends to have unidentified bugs and backdoors. New devices are inherently riskier to use than more mature technology; most software updates are security fixes.
People working in tech firms are also more likely to appreciate fast and flexible communication methods, including social media messaging services and collaborative apps. They are also likely to promote their business using popular social media platforms.
The professional use of such apps increases the attack surfaces of these firms. Even with technically savvy workers, human error remains a significant cybersecurity risk that can lead to data leaks and data breaches. Any worker can be vulnerable to social engineering, such as phishing and spear phishing, especially as these attacks become increasingly sophisticated.
Cloud Computing
Tech firms are often strong proponents of cloud technology. It can facilitate creativity by allowing geographically distributed teams to collaborate on projects with shared resources and tools.
However, cloud misconfigurations are common, so using cloud technology requires strong information security policies and procedures to avoid data leaks. A single misconfiguration can make sensitive data that should be password-protected publicly available. Continuous security monitoring and other security controls must be in place to protect this data.
Another risk of cloud technology, which must be weighed against its many advantages, is that cloud service providers are themselves targets for cybercriminals. A compromised cloud service provider can give attackers access to the networks or stored data of many companies at once.
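As an added example (not code from the original post), the check below flags the kind of misconfiguration described above in an S3-style bucket policy: an Allow statement whose principal is "*" with no Condition. The policy documents and the account ID are constructed samples.

```python
"""Flag public-access grants in an S3-style bucket policy.

Added example, not from the original post. Policy documents are constructed.
"""
import json

# Principal forms that mean "anyone", including unauthenticated callers.
PUBLIC_PRINCIPALS = ("*", {"AWS": "*"}, {"AWS": ["*"]})


def public_statements(policy: dict) -> list:
    """Return the Sids of statements that grant access to an anonymous principal.

    A statement is reported when it is an Allow, names '*' as the principal,
    and carries no Condition. A Condition (e.g. a source-IP restriction) may
    narrow the grant, so such statements are left for manual review.
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be unwrapped
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal") not in PUBLIC_PRINCIPALS:
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


def is_public(policy_json: str) -> bool:
    """Does this policy document expose the bucket to the public?"""
    return bool(public_statements(json.loads(policy_json)))


# Constructed weak policy: every object is world-readable ...
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-reports/*"}],
})

# ... and the corrected version, scoped to one role (placeholder account id).
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "ReportsRoleRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReportsReader"},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-reports/*"}],
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(f"{name}: {'PUBLIC' if is_public(doc) else 'not public'}")
```

Running this over exported bucket policies on a schedule is one concrete form of the continuous monitoring the text calls for.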
Open IT Ecosystem
Tech firms often have an open structure compared to other businesses, intending to stimulate the creativity essential for driving innovation and staying fresh among competitors in a fast-paced industry. This openness includes using remote workforces so that these firms can benefit from global talent and diverse teams with varied perceptions and skills.
However, a sprawling or open network means a larger attack surface, which is more difficult to protect against unauthorized access. Companies using remote or hybrid workforces must also deal with unvetted and potentially insecure personal devices connecting to the business network.
Hackers can take advantage of third-party service providers or online services to access networks. Breaching third parties can open up many avenues for supply-chain attacks. Tech businesses need to build or implement third-party risk management (TPRM) programs to prevent third-party attacks and minimize the risk and impact they can have on their organization.
Certificate authorities, software vendors, and makers of point-of-sale systems and communication devices are all excellent examples of tech firms that are very attractive to hackers.
A company involved in the security of many firms will be a target for hackers. Not only may it be seen as a challenge, but breaking into the network of a certificate authority could provide access to many firms.
Attackers who have breached a certificate authority could issue fraudulent certificates. This could facilitate man-in-the-middle (MITM) attacks and the theft of confidential information.
This is potentially very lucrative for cybercriminals and very risky for certificate authorities and other businesses involved in the security of others. A breach at this kind of company can be fatal to the business and have catastrophic consequences for its clients.
Since software vendors provide solutions for many businesses and store sensitive data, they are a prime target for cybercriminals. A large software vendor may store significant amounts of sensitive data, including access credentials and credit card information.
Even when this data is encrypted, sophisticated methods may be able to decrypt it. An example of the damage hackers can cause when they target software vendors is the SolarWinds hack in September 2019, which deeply impacted national security.
SolarWinds provides SaaS solutions for IT infrastructure, meaning they can access customer data, logs, and workflows. The attack on its software threatened the nation’s energy production and manufacturing, among other services.
Hackers stole applications used by ethical hackers and used them to deploy a digital supply chain attack. Via SolarWinds, Russian attackers compromised users of Microsoft environments, affecting both government and non-government networks. About 18,000 SolarWinds customers were directly affected by this supply chain attack. Microsoft, Intel, and Cisco were among the companies affected by the malware.
Critical infrastructure affected by the attack included government agencies such as the Department of Energy (DoE), the National Nuclear Security Administration (NNSA), and even the Department of Homeland Security (DHS).
Point-of-Sale (POS) Systems
POS systems are at risk because they can provide unauthorized access to valuable, personally identifiable information, including credit card details, expiration dates, PINs, and CVV codes.
With sensitive information collected via devices connected to POS systems, threat actors can engage in identity theft to make fraudulent transactions. Malicious actors can compromise POS systems using handheld devices, payment terminals, or computers. They commonly use malware that they spread via an infected network, email, the web, or an infected device connected to the system.
The vulnerability exploited in a POS system may be a weak password or inadequate security measures, such as the use of unsecured Wi-Fi. A successful phishing attempt can also furnish a threat actor with the credentials needed to access and compromise a POS system.
Motivations for Threat Actors
In addition to remediating vulnerabilities, tech firms must be aware of the cybercriminals interested in stealing their IP and sensitive data or causing business disruption.
Understanding potential attackers can help an organization defend against them and prepare a sufficient incident response plan.
Tech firms must prioritize protecting themselves from the following cybersecurity threats:
- Insider threat
- Cyber espionage
Insider threat is a major concern in the tech industry and more so than in most other sectors because of the combination of high-value intellectual property and very skilled technical personnel.
Not only do tech companies tend to develop and store valuable intellectual property, but they are also more likely to employ people who know what is valuable and have the technical expertise to steal it.
One of the major challenges of dealing with insider threats is that the threat actor has authorized access to the system or inside knowledge and trust. Privileged access credentials may give them ample opportunity to steal data, even without sophisticated methods.
Tech firms should consider why someone might want to steal or leak data. Insider threats often come from disgruntled employees who are unhappy with company policies or feel mistreated.
An insider threat might also come from someone influenced by an outsider. They could be paid by a rival firm, for example, to share proprietary information that could give the competitor an unfair advantage.
A nation-state-sponsored attack could aim to steal another nation’s technology and/or disrupt the company. With the right attack and technology, such a hack could affect critical infrastructure and destabilize the economy.
Motivations for insider threats might be financial or political. The insider may want to share secret knowledge with their friends. Once critical data is leaked, however, it can cause a significant loss of reputation and revenue.
Tech companies typically aim to release new products and services to provide cutting-edge solutions and improvements for their clients and customers.
Unfortunately, for a keen hacker, new technology is an unexplored landscape. It presents a fresh opportunity to find and exploit vulnerabilities. Hackers are competitive and eager to be among the first to break, or break into, new technologies.
Hackers may also target a tech business because of its ethics or management style. The firm's corporate culture, politics, and behavior can earn the attention of hacktivists who turn their attention to disrupting and destabilizing the organization.
Furthermore, it’s worth noting that hackers don’t necessarily work alone. Organized, determined hacker groups have the resources and organization skills to break into a company’s network using sophisticated methods. Moreover, they can launch potentially devastating coordinated attacks on multiple fronts.
The third of the most common types of attacker targeting tech firms is the one focused on stealing valuable intellectual property. Whether sponsored by a nation-state or by a competitor in the same country, learning about other firms’ product development is a strong motivation for cybercriminals to breach data.
The cost of IP (and its theft) can be hard to quantify. At the least, it’s the sum of time spent developing a product or service and the expertise that went into the process. Lost IP can strip a firm of its competitive advantage, devalue its investment in product development, and potentially damage its reputation if the data is leaked to the public.
Cybersecurity Solutions to Protect Tech Companies
It is often assumed that tech companies already have the latest cybersecurity solutions protecting them. This isn’t always the case. Tech companies do, however, require robust cybersecurity frameworks, because they are at higher risk of cyber attacks than companies in many other sectors and because their attackers are more likely to be highly motivated and skilled.
It’s worth remembering that data breaches are not always identified straight away. The average time to identify a data breach is 277 days. Remediating the breach while attempting to minimize reputational damage and business disruption takes time and money.
Attackers can be so deeply embedded in a system that the business must temporarily shut down. Some firms offer affected customers a year of free credit monitoring or similar deals to help them cope with the data breach and to go some way toward restoring their reputation. Both of these responses to a data breach cost a significant amount of money.
The first step to better cybersecurity is to use a risk management approach to understand the current state of the business’s security posture and then identify the risks that are most likely to occur and are the most potentially damaging.
A risk management approach should consider the potential impact of increasingly widespread and strict regulatory compliance requirements. It should also look at the business’s ecosystem to encompass third-party risks and supply chain risks. A typical tech firm is at significant risk of being impacted by an attack coming from one of its suppliers or business partners and being a vector for such an attack on its partners.
The technical ability and motivations of many hackers targeting tech firms are such that these businesses, in particular, need to be vigilant 24/7 to spot intruders to the network and unusual activity, whether internally or externally.
With so many reasons for people to attack them and so many ways for those attacks to take place, continuous monitoring is essential as part of a robust attack surface management program for tech firms.
Artificial Intelligence (AI)
With cybercriminals focusing so much time and money on tech firms, these businesses need to stay on top of the latest cyber risks. AI can help security teams go beyond preparing for known threats and vulnerabilities: it can respond to emerging threats, adapting on the fly in real time.
An AI-based security system that has received (and continues to receive) high-quality, clean input data can learn normal patterns of activity and very quickly spot abnormal activity. This is essential for identifying and preventing data leaks and data breaches by insiders and by well-motivated, well-resourced hackers.
The ability of AI to respond in real time makes it well suited to identifying and responding to sophisticated and coordinated attacks, such as a distributed denial of service (DDoS) attack combined with a trojan-led ransomware attack.
Multi-Factor Authentication (MFA) and Password Protection Policies
This is a commonly mentioned cybersecurity practice because of its effectiveness. Whether for small businesses with limited budgets or enterprise-level operations with more resources, ensuring proper authentication remains one of the most effective measures for improving a security posture.
Passwords, whether part of an MFA system or not, need to be maintained and supported with clear information security policies that ensure they are strong: unrepeated, unshared, and changed periodically, with permissions assigned through a privileged access management system to protect valuable intellectual property and mission-critical data.
MFA requires users to present a second form of identity verification to access a network or part of a network, making it far more secure. While many passwords can be broken through brute-force attacks, 2FA or MFA can stop most attacks that rely on stolen credentials and logins.
Network Segmentation
With the potential for attack via point-of-sale systems and IoT devices, an effective way to protect connected networks is to implement network segmentation.
Whether for the tech firm or for the firms using its products, network segmentation isolates sensitive, valuable, and critical data from the rest of the network. If an attacker gains access to the network, the target data is held on a separate segment.
In conjunction with other security measures, such as strong authentication and firewalls, network segmentation can significantly reduce the risks of cybercrime and of penetration of a firm’s attack surface.
Incident Response Planning
While it’s wise to try to avoid a cyber attack, businesses also need proper incident response plans in place. In the event of a cyber attack, which is increasingly likely across all sectors, businesses with incident response plans can respond swiftly and effectively, minimizing how long the attackers are in the system and demonstrating preparation and professionalism to customers, industry peers, and the media.