When people think about “hackers”, they picture the typical hooded figure furiously typing on a keyboard to break into networks. But what is a hacker, really? According to the Urban Dictionary, a hacker is a person skilled in the use of computers who uses his talents to gain knowledge, either for the enjoyment of exploration (like our team at BlueTeam Networks) or, in the sense we are talking about in this blog, to find and exploit weaknesses in a system.

However, this kind of hacking doesn’t always require guessing passwords or exploiting unpatched machines; it can often be targeted social engineering! Social engineering means an attacker uses human emotions such as urgency or fear to trick the target into performing an action, such as sending the attacker money, divulging sensitive customer information, or disclosing authentication credentials. And a hacker doesn’t have to be right here in Ohio to do it; they can be anywhere in the world!

Common examples of social engineering include identity theft through phishing emails or texts, and vishing (i.e. phone scams), among others. Over 70% of data breaches start with phishing or social engineering attacks.*

Let’s think like a hacker! Here’s an example:

  • Imagine you were to target your own company. How would you do it?
  • You could look up your business on Google or LinkedIn to see who the decision makers are.
    • You might find a decision maker in your own company you can target!
  • You can create a free email account through Gmail, Yahoo! or any email provider, and send an email to that decision maker pretending to be yourself.
  • You can try to trick that decision maker into sending sensitive information, changing accounting information, or other activities that would leave your business vulnerable.

How long did that take?

Now, imagine that was your full-time job! How many people do you think you could trick into opening up their bank accounts or giving up sensitive information that could be sold to the highest bidder? That is exactly why cybersecurity is such an important topic.

 

If your business has:

  1. Employee Cybersecurity Training to avoid social engineering
  2. Spam Filtering that can block spoofing
  3. Data Loss Prevention that prevents sensitive information from leaving the company

You’re significantly less likely to have an incident! We offer cybersecurity consulting and all of the above services here at BlueTeam Networks. Instead of ignoring the problem and leaving your most important assets vulnerable, reach out to our team of experts to take control of your cybersecurity.

* “What is Social Engineering?”, Proofpoint