Are You a Hacker Helper?
Here you go, let me get the door for you. Are you looking for access to my company’s network? One moment, let me get those login credentials for you.
Of course, this sounds ridiculous. But in reality, it is exactly what is happening. Cybercriminals use advanced social engineering to get to the weakest link in any organization, and that link is the same at every business, in every vertical, in every market. Humans.
A recent study from Proofpoint found that in 18 months of researching attack trends, 99% of emails used to distribute malware required human interaction to click a link, open an attachment, accept a security warning, or perform another task. This leads cybercriminals to focus on targeting humans, not necessarily systems.
While it is C-level and upper management that has the greatest access to data, it is sales, marketing, and HR that are most easily found online through quick searches. Contact information for these “very attacked people” or VAPs, could easily be found for 36% of the linked identities. Corporate websites, social media, or other channels provided easy access to finding out who exactly they needed to contact, and how they could easily do it.
Once hackers have the contact information, they can use a barrage of methods to get to the person, often creating multiple methods of attack on the same person. Additionally, sending out group messages to common group addresses can target multiple users at once. And all that it takes is one HR person to fail the phishing test to HR@company.com and release hundreds of records on employee or client personal information.
This method often proves to be lucrative to exploiting a company, and with minimal effort going into the attack, the speed at which these attacks happen is also increasing. Maximum output for minimum input.
Protecting the human factor of a business is no longer limited to human resources, it has become equally as important in cybersecurity.