Who are you, again?

27th March 2020

Jack had posed ‘n arrived undisclosed
To fix the ‘faulty server’
‘Cos of a Clown the servers went down
He should not ‘v been let any further

If Jack was stopped, they would see he was lying
The servers would be fine
And the M.D wouldn’t be crying…

Now please excuse the cheesy rhyme, but I wanted to grab your attention…


We all fear the thought of ‘being hacked’ – but what do you actually class as hacking? If you were to picture a cybercriminal, a ‘hacker’, what would you picture? An ingenious introvert sat in their run-down, one-bedroom flat wearing a black hoodie and a Guy Fawkes mask? In some cases, this could be true… But what if I told you they looked a little like the electrician who unexpectedly arrived to fix some cabling in the server room last week? Or the plumber who walked straight past reception last month to fix the toilet which you didn’t even know needed fixing? Oh wait, were those people actually who they said they were? Did that plumber even go near the toilets? I’m pretty sure he spent most of his time near the server room…

But no-one said anything because he was wearing a high-visibility vest and had tools on his belt – the uniform which, apparently, grants anyone permission to go anywhere… Did anyone even think to check? Well, that is an example of “being hacked”.

What is the point in spending thousands of pounds on firewalls, intrusion prevention systems, intrusion detection systems, anti-virus software, anti-malware software, or any other IT security system, if you’re not addressing and protecting the most vulnerable factor: People?

90% of data breaches are a result of Human Error

Let me tell you a little more about this…


https://www.techradar.com/uk/news/90-percent-of-data-breaches-are-caused-by-human-error

For decades, people have used social engineering to influence and persuade others to give away private or sensitive information. Almost 50% of calls made every day are fraudulent. These calls are a form of phishing – the most common social engineering attack method. The same applies to fraudulent emails where end-users are led to believe they’ve ‘won £20,000’ or ‘the latest mobile phone model’. The good thing is that people have been educated to recognise that these are fraudulent, and with the help of email spam filters, people are becoming more resilient towards these types of attacks.

But it’s a cat and mouse game…

As people and computers learn to deter cyber-attacks, cyber criminals become more creative, exploring newer, more complex methods that become increasingly difficult to deter.

Another form of phishing is known as ‘spear phishing’ – this is where an end-user is targeted specifically by the attacker. Cybercriminals will pay close attention to their target and carefully design their attack methods. For example, if the target posts on social media that they will be travelling to Paris, the attacker may send an email that appears to be from a colleague or friend saying, ‘click this link for top 10 restaurants in Paris!’.

These are just some examples of how cybercriminals may use social engineering to compromise your company. Just remember: if you’re unsure, don’t give them what they want. Take a minute, put the phone down, check that calendar again. Are they who they say they are? Am I allowed to give this information away? Criminals will always use social pressure to influence you to give away information.

Ollie
Written by Oliver Boughton-Thomas - Cyber Security Apprentice
