Gathering that intelligence is now easier than ever before. With social networks and other online tools providing unprecedented insight into an organisation and the people it employs, hackers can quickly build up a comprehensive picture of their target.
Armed with the information harvested from these sources, would-be attackers have everything they need to breach an organisation’s network security. It’s that simple.
Having identified a target within a company, we now look at some of the most common means used by hackers to penetrate deeper into your corporate network. Understanding the methods used is critical to raise awareness and educate employees.
The above scenarios are not exhaustive, but a combination of these and others can be used to circumvent a network’s external security perimeter, leaving a clear path to the top of your business.
Typically, attacks are motivated by one of three reasons: financial gain, competitive advantage or revenge. Having established a foothold in your corporate network, hackers can then focus on gaining access to their intended target, usually a C-level executive.
The most common means of achieving that is taking a clean document from your initial target’s computer, infecting it with a remote access terminal, and sending it back with instructions to forward it on. Because the attachment arrives from a trusted source, the intended target opens the document, which installs its infected load on their computer and creates a backdoor.
Having compromised the primary target, the hacker can access and download information held on the endpoint device, and no one is the wiser.
An organisation’s employees are a critical part of the security process as they can be misled by criminals or make errors that lead to malware infections or unintentional data loss. Far too many businesses do not pay enough attention to the involvement of users, when they should be the first line of defence.
To achieve the level of protection needed in today’s IT environment, security needs to grow beyond a collection of disparate technologies and, instead, be considered a business process with users at its core.
On-going training, coupled with a clearly defined security policy that’s well communicated, is critical to the education process.
Regular engagement with users will help raise awareness and create a more vigilant workforce. Increasing the knowledge about threats such as spear phishing will empower staff, enabling them to prevent and remediate security incidents in real
Terry Greer-King is UK managing director of Check Point.
The human factor is so overlooked in so many cases, it's quite disturbing.
Social Engineering, as mentioned here, is part of the issue, yes, as is poor policy, lack of education of policy and lack of resilience. On occasion people just being daft too, unfortunately.
On the topic of Social Engineering - there is a blog post if it interests you http://wp.me/p1SUSa-5i