Published on: October 07, 2016
BY GENADY VISHNEVETSKY
If you’re looking for the most vulnerable points of a network, you need only look in a mirror. According to Symantec, 97 percent of cyberattacks start with social engineering. That means cybercriminals are getting access to systems by deceiving individual users – you and your employees.
It shouldn’t be a surprise that the real estate industry is a common target. The wealth of sensitive information and financial data would be a boon to hackers looking to sell to the highest bidder. Due to the amount of money behind real estate transactions, the opportunities for fraud from wire transfers are robust.
For company leaders and security professionals, the exploits are countless: email phishing and pretexting are just a few. Once hackers succeed, attacks like ransomware to encrypt your data or Advanced Persistent Threats to exfiltrate your most sensitive records won’t be far behind.
Nowadays, attackers go the extra mile to do their due diligence. They will try to penetrate you at your business, but they know the levels of defense set by Corporate IT. They will use your personal social media accounts to learn about you, your friends and your work. To make the attack authentic, they will use information you post on social media in ways you would not expect.
For example, you brag on Facebook about the latest Samsung 70-inch 4K TV you bought on Amazon just in time for the Super Bowl. The attacker will send a spoofed email from Amazon with invoice, shipping and warranty information. The email will have an infected attachment or a link to a malicious website. If you open the attachment, the malware will try to exploit the weaknesses on your computer. If you click on the malicious link, it may redirect you to a website that looks like Amazon and ask you to log in. Once you type in your user name and password, you receive a warning that you mistyped your password and are immediately redirected to the real Amazon site. You type it again and Amazon lets you in. You may think you just mistyped your password the first time – in reality, you just gave your user name and password to the malicious actor.
Adversaries use similar techniques to steal your work credentials by pretending to be your IT service desk or a company-related business. They want to get to your company’s crown jewels, and you are the path to get them there. They want you to be connected 24/7. They want you to use your work computer to connect to your personal social life so they can bridge that last mile to the data they want.
When it comes to cybersecurity, the old saying is true – you’re only as strong as your weakest link. So what should you stress to all members of an organization to protect our companies against cyberattacks? Keeping it simple can go a long way to helping your employees understand their role in keeping your company secure. If you’re expecting something more complex, think again. While many of these may seem “too simple,” we find that employees are still making the same mistakes.
Moreover, it’s critical to ask yourself some of the following questions when you get an email you are suspicious of.
People are the weakest link – either by not knowing, not taking the time or just plain neglect. The importance of following through with the simple cannot be overstated. To protect our data, we must do the little things to ensure the protection of our companies, customers and people.