You're probably familiar with the saying, "If you can't beat them, join them." The same philosophy applies to cybersecurity. To really get inside the mind of a hacker, you need to think like a hacker, otherwise known as "white hat" hacking. Malicious actors will search for the easiest way in and as you know, social engineering techniques are typically a piece of the plan. In other words, humans are easiest to hack.
Watching our Weaknesses
Skilled attackers are always paying attention to details. I recently read a story about an ethical hacker's shopping experience and it made me think about how often well-intended employees can fall victim to social engineering attacks. The individual was at a local superstore and as he was leaving the anti-theft detectors went off. Another customer arrived and she was returning an item. She was redirected to the customer service area. Meanwhile, the other guy was waved on with an apology for the inconvenience and he couldn't help but think, "How do they know I'm not stealing something?" Anti-theft detectors go off when an item passes the barrier but if you think like a hacker, a light bulb goes off at this time. You realize how to benefit from this vulnerability by getting an accomplice to help you navigate an attack. The system is designed to rely on the store employees to investigate when there are multiple customers present during the detector notification but because they also are very customer support orientated, they may trade security for customer service.
I Can Get Away with It
The majority of hackers do not think they will suffer consequences and often go after low-level employees because they think there is less risk of getting caught. This thought pattern makes sense because IT administrators and contractors tend to have direct access to servers and other systems housing sensitive data. Furthermore, these contractors or third-party vendors are an excellent choice because they do not work directly within the company, the standards of how they handle data more often fall short.
Malicious actors know that despite having heard that it's risky, employees still connect to public Wi-Fi. Have you watched the video clip of this 12 year old "cyber ninja"? Show your employees this video to change their mind about connecting to just any Wi-Fi. There's quite a few interesting videos on YouTube that illustrate just how easily social engineering can be pulled off allowing hackers a means in. A couple of other great examples that will leave you stunned are the video using crying baby sounds in the background as a means of persuasion and another video calling tech support to gain access to privileged information. The success of both experiments relies solely on taking advantage of people's good nature.
Think about how easy it would be to guess the answers to your password security questions simply by spending a little time researching a person's social media accounts. Moreover, consider how many of your employees share passwords across various applications. Malicious actors will use the tried and true methods first to break through.
TechGuard is offering a resource to help your employees protect themselves against social engineering attacks. If you would like our FREE Social Engineering Prevention Guide, please click below.
In it for the Thrill
Furthermore, ethical hackers will tell you they love the thrill and adrenaline rush of what they do. In fact, I've been told this by our very own at TechGuard. To protect your company it's imperative to think like a hacker. Hackers, both ethical and unethical are trained to think critically and on their feet when using manipulation. The best way to protect your company is to simply think about how you would gain access if you were in the shoes of the attacker. Hire an ethical hacker to find your weaknesses before somebody else does. To learn more about how TechGuard can use an ethical hacker or other methods to test how secure your employees behaviors are, email us at TGSCyber@techguard.com.
Techguard.com | 855.477.SHLD (7453)
Written by Michelle Stamps
Michelle has over 10 years of experience in marketing and business development across various industries including government and non-profit. Her background in writing, facilitating presentations and event planning allows her to use her creative skill-set and her relationship building skills strengthens her ability to understand the human element role in cybersecurity and to support positive behavior change. Whether she is out in the community, blogging or developing the next social post for TechGuard, she believes in telling the company’s story and uses relatable, real-life examples to connect with our clients. If you know Michelle outside of work, you would know that she loves sunny days and tropical places.