Two weeks ago, I essentially claimed that nearly every company I know is hacked -- and in many cases, thoroughly hacked. Although there's a bit of hyperbole in that statement, it isn't that far from reality. That statement, however, has led some readers to believe detecting hackers and preventing attacks is impossible. Nothing could be further from the truth.

Discovering malicious hackers

Despite what the movies show, hackers are never good enough to go unnoticed. Even the professionals hackers who are making millions of dollars really don't do much to stay hidden. They don't need to: Most admins aren't looking.

The Verizon 2008 Data Breach Investigations Report [PDF], which is quickly becoming one of the most respected sources on computer crime statistics, said it best: "Evidence of events leading up to 82 percent of data breaches was available to the organization prior to actual compromise. Regardless of the particular type of event monitoring in use, the result was the same: Information regarding the attack was neither noticed nor acted upon."

Your No. 1 tool for detecting malicious activities is your log files. Most admins don't turn them on, and those who do usually don't monitor them. Additionally, many companies only turn on logging on their servers, even though most of the malicious break-ins occur on their user's workstations.

The link for this article located at InfoWorld is no longer available.