
Six-degree hacker assessment: Is your information at risk?

January 8, 2021 Article 2 min read
Authors:
Joe Oleksak
There are six key layers of control separating your data from unauthorized access or hackers. It’s important for leaders to understand how effective each layer is at protecting your organization.

Organization leaders and stakeholders are asking: “Are we vulnerable to hackers?” A six-degree hacker assessment will provide answers by testing each layer based on current hacking trends and real-world threat scenarios.

  1. Internet: Internet-accessible information and systems are the public face for every organization. Unfortunately, this information and these systems can be used by hackers to gain unauthorized access to your internal network, or worse, your most critical data.

  2. Social: Users are an organization’s critical line of defense in securing and protecting information and assets. They can intentionally or unintentionally pose a risk to an organization by not exercising due care. Social attacks target staff who do not properly understand their role and responsibilities regarding information security. Not to be outdone (but often overlooked), physical building and network controls are just as important for thwarting many common social attack organizers responsible for several recent well-known breaches.

  3. Peripherals: Today’s decentralized physical and logical security models give staff responsibility over critical physical devices and data 24-7 through firewalls and VPNs. Our mobile workforces are armed with laptops, mobile phones, and tablets, which, if left uncontrolled, could result in a significant data breach. In addition, if configured improperly, our firewalls and VPNs create potential tunnels into the core of an organization.

  4. Passwords: Currently, passwords are the single most important line of defense when controlling access to data and systems. Passwords grant access to remote access VPNs, networks, applications, databases, and sensitive file shares. Practices of password sharing, password reuse, and poorly chosen word combinations have resulted in many of the breaches we hear about in the news on a daily basis. Password construction, use, and protection practices are, without question, one of the most important security control layers for organizations today.

  5. Systems & databases: Applications, databases, and network shares house critical organizational data, including security controls critical to protecting an organization’s vital data assets. Improper access controls, system configurations, older versions, or missed patches often result in unwanted holes, which, if left unaddressed, can lead to a system compromise, or worse, a breach of critical company data or customer confidential information.

  6. Network: Networks allow users, customers, and vendors to communicate effectively and enable the business to operate efficiently. When designed with security in mind, networks can limit the ability of hackers, viruses, ransomware, and malware to move freely between systems. In addition, hackers compromise networks an average of 90 days prior to being discovered. Often, this is the direct result of weak or nonexistent detective controls. In today’s world, a proper network, one designed with security in mind, is essential for any company, regardless of industry.

Cybersecurity includes the application of administrative, technical, and physical controls in an effort to protect against threats to the confidentiality, use, and integration of technology throughout organizations. Today, those threats affect more than just IT; they affect the entire organization. With that in mind, an organization-wide security strategy is essential for the successful protection of confidential data throughout the organization. A six-degree hacker assessment can help you focus on developing solutions for the areas that present the most risk to your organization.

