Security: How Can You Patch People?

If there’s one thing the big security breaches of the past few years have taught us, it’s that employees are just as critical to network security as technology.

Organisations often overlook the human fallibility factor and don’t train or engage their workforce in helping protect their sensitive information. This is the case despite heavy investment in point products deployed to guard corporate networks. In fact, combatting a wide range of security threats requires a strong combination of technology and user awareness.

Human targets on the rise

Hacking techniques that focus on exploiting employees, such as social engineering, are certainly on the rise. Nearly half of UK enterprises have been the victim of 25 or more such attacks in the past two years, with spear phishing via email and social networks being the most common attack vectors. At an average cost of £15,000 per incident, this is a threat businesses can ill afford to ignore.

Two main factors are driving this trend. First, many UK employers lack policy guidelines or employee training programs. Second, the number of social media platforms now available is rising, each providing a wealth of on-tap information about individuals and the organisations they are employed by. With this information, hackers build profiles of people and customise targeted attacks, creating new entry points into an organisation and increasing the likelihood that an attack will succeed.

Once inside, the hacker can use a series of tools to work their way up the food chain to board-level staff, giving them unrestricted access to commercially sensitive data. But how do these attacks happen and what methods do hackers employ?

Social networking reconnaissance

Unlike a brute-force, through-the-front-door approach, social engineering attacks require more finesse and planning. Surveillance is the key to knowing a potential ‘mark’ and provides would-be hackers with answers to critical questions including:

  1. Key personnel – who are the gatekeepers?
  2. Security policies – what does the organisation have in place?
  3. Encrypted traffic – is outbound SSL traffic allowed out of business hours?


adminuk

View Comments

  • The human factor is so overlooked in so many cases, it's quite disturbing.
    Social Engineering, as mentioned here, is part of the issue, yes, as is poor policy, lack of education of policy and lack of resilience. On occasion people just being daft too, unfortunately.
    On the topic of Social Engineering - there is a blog post if it interests you http://wp.me/p1SUSa-5i
