How Hackers Infiltrate Big Businesses And What Can Be Done About It

Focus on people and data to protect your business

We live in times when it’s become easier than ever for hackers to breach an organization through social engineering. Breaches are primarily caused by phishing attacks, representing a huge security problem for businesses.

 

However, why is this type of cybercriminal so widely represented in the statistics? What is it that makes it so easy and so profitable for hackers? We might not like the answers. The ever-increasing connectivity and focus on people and data is leaving us vulnerable to malicious attacks. To protect your business, you need to start thinking like a hacker. Let’s take a look at how they infiltrate big business and what can be done about it.

Since social engineering relies on personal information hackers can find online, it’s pretty difficult to counter. Earlier, that required some digging on the hacker’s part – now all it takes is a data-matching service such as Spokeo and PeekYou, and they get all the information they might need and more. Cross-matching public records is one thing, but employees also freely share a lot of information on social media. This personal info is then used to target employees within a company with malicious emails, by posing as a trusted individual. From there, all a hacker needs to do is convince an employee to click on a malicious link or perform a wire transfer.

As we can see, cybercriminals can efficiently use your social media information to reach their desired target within your company. Does that mean company executives should stop using social media altogether, or ban their employees from sharing any work-related information?
The short answer is yes. The long answer, if not “yes,” is that there should be strict policies in place about the use of social networks and what can and can’t be shared.
 
For example, if a company executive posts about being on a business trip, hackers take that as a signal to try and perform BEC. Anything an employee posts about work projects or people they spend time with in the office can help cybercriminals construct an elaborate and believable social engineering scam. This is why every employee must assume the whole world is watching them when they want to post anything work-related on social media.

It’s no accident that social engineering and phishing attacks are responsible for 95 percent of data breaches. They exploit what will always be the weak link in any company’s security chain – the people who work there. Relying on traditional protective measures such as firewall, antivirus, anti-spoofing techniques, etc. cannot stop all of these attacks. Education is vital for prevention, but with these scams getting more elaborate and difficult to spot, it doesn’t ensure safety.

Wouldn’t it be wonderful if you didn’t have to worry about phishing? Good news, the worrying stops today. With the ever-increasing focus on people and data, businesses are leaving themselves wide open to hackers. In those circumstances, there are two options – limiting the information hackers can get about you on social media, or investing in preemptive and comprehensive phishing protection.