We live in times when it’s become easier than ever for hackers to breach an organization through social engineering. Breaches are primarily caused by phishing attacks, representing a huge security problem for businesses.
But why is this type of cybercriminal so widely represented in the statistics? What is it that makes it so easy and so profitable for hackers? We might not like the answers. The ever-increasing connectivity and focus on people and data is leaving us vulnerable to malicious attacks. To protect your business, you need to start thinking like a hacker. Let’s take a look at how they infiltrate big business and what can be done about it.
How Social Engineering Works
Since social engineering relies on personal information hackers can find online, it’s pretty difficult to counter. Before; that required some digging on the hacker’s part – now all it takes is a data-matching service like Spokeo and PeekYou, and they get all the information they might need and more. Cross-matching public records is one thing, but employees also freely share a lot of information on social media. This personal info is then used to target employees within a company with malicious emails, by posing as a trusted individual. From there, all a hacker needs to do is convince an employee to click on a malicious link or perform a wire transfer.
Are Individual Threats the Same as Company Threats?
As we can see, cybercriminals can efficiently use your social media information to reach their desired target within your company. Does that mean company executives should stop using social media altogether, or ban their employees from sharing any work-related information?
The short answer is yes. The long answer, if not “yes,” is that there should be strict policies in place about the use of social networks and what can and can’t be shared. For example, if a company executive posts about being on a business trip, hackers take that as a signal to try and perform BEC. Anything an employee posts about work projects or people they spend time with in the office can help cybercriminals construct an elaborate and believable social engineering scam. It is why every employee must assume the whole world is watching them when they want to post anything work-related on social media.
The Frequency of Social Engineering and Phishing
It’s no accident that social engineering and phishing attacks are responsible for 95 percent of data breaches. They exploit what will always be the weak link in any company’s security chain–the people who work there. Relying on traditional protective measures such as firewall, antivirus, anti-spoofing techniques, etc. cannot stop all of these attacks. Education is vital for prevention, but with these scams getting more elaborate and difficult to spot, it doesn’t ensure safety.
Kim Del Fierro is VP of Marketing for Area 1 Security.