Gathering that intelligence is now easier than ever before. With social networks and other online tools providing unprecedented insight into an organisation and the people they employ, hackers can quickly build up a comprehensive picture of their target.
Armed with the information harvested from these sources, would-be attackers have everything they need to breach an organisation’s network security. It’s that simple.
Having identified a target within a company, we now look at some of the most common means used by hackers to penetrate deeper into your corporate network. Understanding the methods used is critical to raising awareness and educating employees.
The above scenarios are not exhaustive, but a combination of these and others can be used to circumvent a network’s external security perimeter, leaving a clear path to the top of your business.
Typically, attacks are motivated by one of three reasons: financial gain, competitive advantage or revenge. Having established a foothold in your corporate network, hackers can then focus on gaining access to their intended target, usually a C-level executive.
The most common means of achieving that is taking a clean document from your initial target’s computer, infecting it with a remote access terminal, and sending it back with instructions to forward it on. Because the attachment arrives from a trusted source, the recipient opens the document, which installs its infected load on the intended target’s computer and creates a backdoor.
Having compromised the primary target, the hacker can access and download information held on the endpoint device, and no one is the wiser.
An organisation’s employees are a critical part of the security process as they can be misled by criminals or make errors that lead to malware infections or unintentional data loss. Far too many businesses do not pay enough attention to the involvement of users, when they should be the first line of defence.
To achieve the level of protection needed in today’s IT environment, security needs to grow beyond a collection of disparate technologies and, instead, be considered a business process with users at its core.
On-going training, coupled with a clearly defined security policy that’s well communicated, is critical to the education process.
Regular engagement with users will help raise awareness and create a more vigilant workforce. Increasing the knowledge about threats such as spear phishing will empower staff, enabling them to prevent and remediate security incidents in real
Terry Greer-King is UK managing director of Check Point.
View Comments
The human factor is so overlooked in so many cases, it's quite disturbing.
Social Engineering, as mentioned here, is part of the issue, yes, as is poor policy, lack of education of policy and lack of resilience. On occasion people just being daft too, unfortunately.
On the topic of Social Engineering - there is a blog post if it interests you http://wp.me/p1SUSa-5i