Good Insights From The (Almost) Bad Guys
With more and more data stored online these days, hackers have plenty of reasons to attack company networks to modify or steal data and even hold it for ransom. Cybint Solutions, a cyber security and legal support organization, estimates that a cyber attack happens every 39 seconds. This means that companies and websites are being bombarded by malicious users. It’s easier for information security professionals to thwart these attacks when they are launched head-on from the outside. Unfortunately, more and more attacks are occurring on the inside through social engineering, which makes them harder to predict and prevent.
Social engineering is a hacking method that tricks unsuspecting users into sharing information or completing a desired action, such as clicking on a link or downloading a file, that helps the hacker gain access to a network. Social engineering is not necessarily limited to the cyber world (think of the scams where thieves call individuals to have them verify personal information or send money), but it is probably most prevalent online because of the sheer volume of online interactions that occur each day. An individual might see a weird phone call as a red flag, but a prompt to click on a link or even enter a password can seem more commonplace. This trust gives hackers the opportunity to infiltrate a company’s network.
According to Norton, hackers use a variety of social engineering tactics to trick users, including:
- Spearphishing, which involves masquerading as a trusted source and sending an email to victims asking them to click on a link or enter some information
- Baiting, or leaving a malicious USB with a virus and an enticing outer label in an office to tempt someone into plugging it into a computer
- Email hacking and contact spamming, or breaking into a user’s account and spamming his or her contacts with a malicious email
Once hackers have the access they need, they can join a company’s network and launch an attack from the inside. Approximately 60 percent of attacks happen from inside a company’s network, according to IBM’s 2016 “Cyber Security Intelligence Index.” Of these, three-quarters are committed by malicious insiders while the remaining quarter is facilitated by unsuspecting users who fell for a social engineering tactic.
To protect their companies, IS professionals need to train their coworkers about cyber security and the dangers of social engineering. By teaching people to recognize the most common tactics and to speak up if they see something fishy going on, IS professionals can protect their companies from getting duped by hackers.