There is one thing in IT security that cannot be patched like other vulnerabilities: human beings. And since the ‘human factor’ is such a concern, it is our responsibility to educate and protect our employees, customers and businesses from hacks.
Data Breach and Social Engineering
A data breach is the unsolicited phishing for and theft of the most treasured data of companies and individuals, such as personal information or bank account credentials. According to research conducted by IBM, there has been a 23% increase in the amount of data stolen from vulnerable and unsuspecting people since 2013, a striking difference that calls for an immediate response. Furthermore, a 2014 U.S. survey says that 31% of small and medium-sized businesses do not even have a contingency or breach plan for cybercrime. It is significant to note that these data theft issues mainly stem from the art of social engineering or from crimes conducted by automated botnets.
I will let the numbers speak for themselves. Based on the survey of the Identity Theft Resource Center, 22% of our precious data was stolen through brute-force attacks, 12% of it ended up in the wrong hands due to accidental exposure, while 11% of data breaches result from the misuse of our personal data by third parties or subcontractors. What is even more terrifying is that 80% of these cases are tied to human negligence. Are we really this unconcerned about our sensitive data being available online, or does something else lie behind the issue?
Most Internet users are aware of the threat posed by hackers, but we tend to have false confidence in the software we use or in our own knowledge. The best way to cope with this branch of cybercrime is to raise awareness, educate people about the tricks hackers use and equip them with the means to defend against them. For instance, if you are an employer at a company involved in IT, you should put extra emphasis on developing your employees in this regard. It is not enough to hire them and place more and more responsibilities on their shoulders; what matters more is to prepare them for any possible phishing attempt. This way, the company will be more effective and more appealing to customers because of its high level of security.
How to avoid these incidents?
First of all, you should enforce strong security policies within the company and prohibit employees from reusing passwords. A great way to solve this problem is a password manager such as LastPass, which can be used as a browser plugin. It is easy to use, and you only need to memorize one really strong and varied password: the master password for the plugin. After that, the software will remember all your other login credentials if you wish it to. Moreover, it can generate passwords from random characters for your accounts, which are far harder to guess than the ones people usually come up with themselves (e.g. passw0rd, letmein, 12345 or admin123).
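The policy described above (no weak or reused passwords, random generation instead of human-chosen ones) can be enforced in code on the company side. The following Python script is an added example written for this article; it is not BitNinja’s or LastPass’s code. The blocklist, the 12-character minimum, the three-character-class rule and the sample passwords are constructed assumptions, and the reuse check stores only SHA-256 fingerprints so no plaintext password is kept.

```python
import hashlib
import secrets
import string

# Constructed blocklist of weak passwords, including the ones named in the article.
WEAK_PASSWORDS = {"passw0rd", "letmein", "12345", "admin123", "password", "123456", "qwerty"}

MIN_LENGTH = 12  # assumed policy minimum
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _fingerprint(password: str) -> str:
    """Hash a password so the reuse list never stores or compares plaintext.
    A plain SHA-256 fingerprint is enough for a reuse list; an authentication
    database should use a slow, salted KDF instead."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password_policy(password: str, previous_fingerprints: set) -> list:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in WEAK_PASSWORDS:
        problems.append("appears on the weak-password blocklist")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    if _fingerprint(password) in previous_fingerprints:
        problems.append("reuses a password already used on another account")
    return problems


def generate_password(length: int = 20) -> str:
    """Generate a random password the way a password manager does: from the CSPRNG
    behind the secrets module (never the random module), retrying until it passes policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password_policy(candidate, set()):
            return candidate


def remember_password(password: str, previous_fingerprints: set) -> None:
    """Record a password's fingerprint so later reuse of it is detected."""
    previous_fingerprints.add(_fingerprint(password))


if __name__ == "__main__":
    used = set()
    remember_password("Tr0ub4dor&3Tr0ub4dor", used)  # constructed: already used on another account
    for pw in ["admin123", "Tr0ub4dor&3Tr0ub4dor", generate_password()]:
        print(pw, "->", check_password_policy(pw, used) or "OK")
```

Running the script shows admin123 failing on length, blocklist and character classes at once, the reused password failing only the reuse check, and the generated one passing cleanly.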
Secondly, people should not open phony emails, even if the subject line looks legitimate. We need to be very alert when downloading anything from emails or from the web, such as pictures, movies or videos, because malicious scripts may be embedded in them, and as soon as we download it, the infection has already taken place and our infrastructure is compromised. Besides installing malware on your computer, hackers may easily get hold of your login credentials by tricking you into opening certain links or web pages. As a result, if they manage to retrieve your FTP password, they can tamper with your whole server without you noticing it, unless you have a defense system designed to fight attacks like this, such as BitNinja.
Apart from new technological improvements, employers need to focus on their employees and practice their breach plans, because once employees are aware of the possible threats and know how to deal with them, resolving even highly dangerous incidents becomes a matter of course. Additionally, companies should invest in up-to-date security software designed to protect them from the bad guys. If we look at the numbers mentioned above, it is clearly something worth spending money on.
Besides automated attacks, there is another threat. Social engineering is the art of manipulating people into giving up their confidential personal information. This time, hackers do not use any targeted malware to get the information they want, but build on our natural inclination to be trusting and gullible. Why would they bother writing malicious scripts to get data if they can simply ask for it?
There are several forms of social engineering. The first is the common practice of taking over someone’s email or social media account and contacting their friends to ask for financial help. In this case, hackers usually invent an unfortunate situation in which they need support from their friends, e.g. their ID and luggage were stolen in a foreign country and they need money to travel back home. Kindhearted people are naturally inclined to help a friend in need. There are other variants of this common attack, in which hackers claiming to be your friend send you a link to a funny video or an interesting website, or send you a downloadable file supposedly containing a movie or a picture. When you open these files, the malware starts working instantly and compromises your computer or steals your login credentials in the blink of an eye.
Another type is the phishing email, which appears to come from an innocent-looking or real bank, institution or company. These emails claim that a problem has been found with your account or registration, and to solve it they ask you to verify your personal information. The naive and scared client fills in the required fields with highly confidential data without suspicion, because they assume that something has gone wrong with their account. Another example of phishing is an email announcing that you have won some lottery or game, although this has been less of a threat in recent years, because hackers noticed that we have become more aware of these attempts. Thirdly, there are emails in which seemingly legitimate organizations or friends ask you to join a non-profit organization or send charity or monetary aid for a good cause.
And the list of these tricks goes on and on. Another type is baiting, in which hackers create respectable, trustworthy fake users on torrent websites or peer-to-peer marketplaces. They build up a 5-star rating that gives customers a sense of trust in the seller. However, if you buy from these “people”, you usually will not receive the item you expected or, even worse, hackers can get hold of your bank account or credit card credentials.
But do not panic. The solution is not as difficult as you may think. With a little more awareness, knowledge and attention, these forms of cybercrime can be alleviated or eliminated altogether. These are the best practices to follow if you do not want to fall prey to these traps.
You can follow the easy instructions provided by webroot.com:
- Chill Out – Think before you act. Hackers expect you to react to their prompts within seconds, without hesitation, which usually results in opening or downloading malicious content.
- Research the Facts – Do not click on the provided link; conduct your own research instead. Reach the website through your search engine. Be suspicious.
- Delete any request for financial information or passwords.
- Reject requests for help or offers of help. If you receive an email from a friend, make sure that the described circumstances are real and try to contact the person in question directly.
- Beware of any download.
- Set your spam filter to high. This way you can avoid unwanted spam emails.
- Secure your computing devices with the most recent, up-to-date software.
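The “Research the Facts” advice above, and the phishing email described earlier, both come down to one technical check: the link a message shows you is not necessarily the link it takes you to. The following Python script is an added example written for this article, not code from BitNinja or webroot.com. It parses an HTML email body with the standard library, and flags anchors whose visible text names a different site than the real target, whose target is outside the organisation’s own domains, or that smuggle the trusted brand name inside an untrusted domain. The sample email, the trusted-domain list and the `.example`/`example.net` reserved domains are all constructed for the example, and the two-label “registered domain” approximation is a simplification that a real mail filter would replace with a public-suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the visible text says one site, the real link goes elsewhere.
SAMPLE_EMAIL_HTML = """
<p>We found a problem with your account. Please verify your details at
<a href="http://example-bank.verify-login.example.net/confirm">https://www.example-bank.example</a>
or read our <a href="https://www.example-bank.example/help">help page</a>.</p>
"""

# Domains the organisation actually owns (constructed for this example).
TRUSTED_DOMAINS = {"example-bank.example"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registered_domain(host: str) -> str:
    """Naive last-two-labels approximation of the registrable domain (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse_links(html: str, trusted: set) -> list:
    """Return one finding per suspicious anchor: its href, visible text and the reasons."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        reasons = []
        # 1. Visible text looks like a URL but the anchor points somewhere else.
        if text.startswith(("http://", "https://")):
            text_host = urlparse(text).hostname or ""
            if registered_domain(text_host) != registered_domain(href_host):
                reasons.append("displayed URL differs from real link target")
        # 2. The target is a domain the organisation does not own.
        if registered_domain(href_host) not in trusted:
            reasons.append("target domain is not a trusted domain")
        # 3. The trusted brand name is used as a label inside a foreign domain (lookalike).
        for t in trusted:
            brand = t.split(".")[0]
            if brand in href_host and registered_domain(href_host) != t:
                reasons.append("trusted brand name appears inside an untrusted domain")
                break
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_EMAIL_HTML, TRUSTED_DOMAINS):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

On the sample message the first anchor is reported for all three reasons while the genuine help-page link is left alone; the same check is what a mail gateway or a browser extension would run before a user ever sees the link.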
BitNinja is an easy-to-use server security tool which protects your servers/websites against 99% of cyberattacks.