There are two ways hackers can get into your company’s network — vulnerable technology or you. Well, not just you. It could be you, your CEO, or any of your co-workers.
Employees who fall victim to social engineering were responsible for 52 percent of the external attacks in a random sample of investigations conducted by F-Secure’s cyber security consultants and analyzed for our new Incident Response Report.
Social engineering is the art of manipulating people into divulging information or performing actions that aid a hacker. You may be tricked into installing malware by clicking on an email or a web link. Or you could offer up your private identifying details, logins and passwords through fake login pages, also known as phishing scams.
This isn’t to say that employees are to blame for the success of the majority of cyber attacks. We have to be safe 100 percent of the time; hackers only need to trick us once. And they’re getting better at it all the time.
Being aware of the threats we all face, threats that can get in the way of us making a living, is one way to manage one of the biggest vulnerabilities of all — our willingness to click on things.
If you work for a business that has any public profile, chances are you will face attacks on a regular basis. The bad news is the question isn’t if you’re a target, but how valuable of a target you are. The good news is that there are only a few reliable ways for attackers to fool you.
There are generally two types of attacks — opportunistic or targeted.
In short: Opportunistic attacks aim to hit anybody in your organization; targeted attacks focus their efforts on a limited number of “high value” people.
The report finds that if you’re going to get tricked into letting attackers into your network, it’s probably going to happen through email — either by getting you to click on a bad attachment or a link that leads to a phishing scam.
An “opportunistic” version of this attack aims to work on anyone. Thus it’s more generic and probably won’t specifically relate to your identity or job.
A “targeted” version may use your name and direct you to an attachment that relates directly to your job — like a contract or a spreadsheet with intriguing data promised inside. Or the email could be imitating the support team of a service you use, like the infamous email that led to the hacking of the Gmail account of Hillary Clinton’s campaign chair.
Being aware that hackers are always knocking on your network door through your email hoping you’ll let them in is the first step. Keeping yourself from clicking on bad links and attachments is next. That’s the hard part.
Learning how to spot phishing emails makes this easier. A tactic our experts recommend is switching to plain text email, especially when communicating with strangers. This makes bad links stick out like a sore thumb.
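What plain text exposes, shown as an added example that is not from the original post or from F-Secure: an HTML link can display one address while pointing to another, and a plain-text rendering prints the real destination next to the visible text. The sample message, the `example.*` domains and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML email body whose link text names one site
# while the href points somewhere else (example.* domains are placeholders).
SAMPLE_HTML = (
    '<p>Hi, someone has your password. Change it now:</p>'
    '<p><a href="http://accounts.example.net/reset?u=42">https://mail.example.com/security</a></p>'
    '<p>Questions? See our <a href="https://mail.example.com/help">help page</a>.</p>'
)

class LinkRenderer(HTMLParser):
    """Render HTML as plain text, writing each link as 'text <href>'."""
    def __init__(self):
        super().__init__()
        self.out = []        # pieces of the plain-text rendering
        self.links = []      # (visible text, href) pairs
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
        elif tag in ("p", "br", "div"):
            self.out.append("\n")

    def handle_data(self, data):
        (self._text if self._href is not None else self.out).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((text, self._href))
            self.out.append(f"{text} <{self._href}>")
            self._href = None

def host(value):
    """Host of a URL-looking string, or None if it is not a URL."""
    if "://" not in value:
        return None
    return (urlsplit(value).hostname or "").lower() or None

def review(html):
    """Return (plain_text, mismatches): links whose text shows another host."""
    r = LinkRenderer()
    r.feed(html)
    r.close()
    bad = [(t, h) for t, h in r.links if host(t) and host(t) != host(h)]
    return "".join(r.out).strip(), bad
```

Calling `review(SAMPLE_HTML)` returns the plain-text body and the one link whose visible address and real destination disagree.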
Unless you’re on your company’s IT team, you can’t secure your network’s technology. But you can do your part to keep hackers out.
Good luck. Your company is depending on you. And if you get hacked, be sure you don’t make the problem worse.
August 16, 2018