No one wants to think about the idea of their company's customer data, infrastructure, IP or network security as the full-time target for hired-gun hackers, government spies or crime syndicates around the world.
Unfortunately, it's true. Your most vulnerable point of attack is often the people you trust the most: your employees.
By the standards of today's black market for thieves, your employees are in the crosshairs for some of the most serious attacks on your company. A new report from RAND Corporation, "Markets for Cybercrime Tools and Stolen Data" (commissioned by Juniper Networks), explains that in addition to unpatched vulnerabilities, the human element will continue to increase as the weak point for attacks.
Updates, you can do. Vulnerabilities can be patched. But people... are people.
The majority of successful security defeats are phishing attacks, where the victim clicks a link or downloads an app or attachment that infects... anything it wants to. And a phishing attack can do a lot of damage.
One email spiked with innocuous-looking malware to a vendor cost Target an estimated 40 million credit cards and 70 million user accounts, which were hijacked and sold on the black market within days. Target's December disaster came from a phishing attack sent to employees at an HVAC firm it did business with.
What's worse, employee-targeted attacks, when successful, often go undetected until it's too late. According to Inside the Hacker's Playbook:
76 percent of breached organizations needed someone else to tell them they've been hacked. Employee awareness could be worth more than the latest anti-malware software, and will save you millions in the race to prevent cyber theft. (Trustwave, 2013)
Each of the following pages shows ways hackers can access critical information from a company's employees:
The Front Page News Attack
Right now, phishing is among the primary ways unwitting employees are used to attack your company. Phishing attacks are currently sophisticated in a few very specific ways, and RAND's report tells us that phishing is only going to get more sophisticated as the black market for cybercrime matures.
Today's typical phishing attack is an email disguised to look familiar, fooling the employee into clicking on a link or downloading an attachment. But the trend for cyber criminals is exactly that: popular trends, and most especially front-page news.
RAND explains the black market trend in news-item phishing, which often plays on emotional events. "Different pieces of the market react differently to outside events (e.g., natural disasters, revelations to Wikileaks, or releases of new operating systems). Front-page news items are often used in spear-phishing campaigns (e.g., "click this link to donate to victims of Haiti earthquake") raising the number of potential victims."