What do companies like Apple, Google, and Facebook do to prevent hacking?

 

 Good question. 

These mega giants (Google, Apple, Facebook, Amazon, Microsoft, etc) aren’t heard in the media for being rendered to cyberattacks. Their multi-billion dollar businesses rely on their tech innovations, so if any of that information is ever leaked, we’re talking about losing hundreds of millions of dollars.

So, what do these guys do to protect their secrets? Here is a list of just a few things that they actually do:

1.       They use sophisticated firewall systems.
They have a network of highly sophisticated and complicated firewalls to prevent hackers from compromising incoming and outgoing traffic. This is not your average Joe’s ZoneAlarm subscription—these are customized firewall systems that monitor incoming and outgoing traffic to block hackers’ attempts to enter company networks and web apps.

2.       They spend millions of dollars on a star testing team.
Each of these companies has in-house security teams that test and monitor their software. Anytime there is an abnormality in their systems, they have a team analyzing it and working around-the-clock to remedy the situation. This way, if a hacker ever somehow did make it through their intense firewall systems, they have a legion of engineers monitoring their first attempts and resolving the situation.

3.       They have physical security.
Remember the movie, Ocean’s 11? In order for the team to hack into all those casinos’ security systems, they needed to physically get inside the casino. Not all hacks can be successful without some physical effort—remember when “dumpster-diving hacking” used to be big? These successful companies make it policy to shred all company documents and use high-security when anyone enters their facilities. This way no questionable characters can enter their campuses.

4.       They buy a ridiculous amount of bandwidth.
This one isn’t as obvious, but to fight against DDoS attacks, they buy a huge amount of extra bandwidth. This is to mitigate the risk of a volumetric attack (i.e. DDoS attacks). I write more about this in a post on how to prevent DDoS attacks, if you are interested in learning more.

5.       They educate their employees about cybersecurity regularly.
This is often overlooked, but it is imperative to educate employees on how to have good cyber hygiene. Things like not e-mailing important customer info via e-mail, or even storing customer PII is often unknown by employees. These companies have mandatory training to ensure that each employee understands their responsibility in their company’s cyber welfare.  

These multi-billion tech businesses make it a company goal to have world-class cyber security. Amazon’s cyber security is so advanced that they even won a bid over IBM to build a cyber security team for the CIA. Their success depends on the level of their security, so of course they would spend hundreds of millions of dollars on it.

However, although small businesses cannot afford to spend millions of dollars on web security, the need for web protection is still the same. In my experiences, using a comprehensive web app firewall service as well as educating employees about good cyber hygiene is often enough protection.