When it comes to cyber threats, we usually talk about criminals who attack companies, but also private individuals. Their goal is to make money illegally. Another risk factor is threats that arise from negligent or malicious behavior on the part of a company's own employees.
According to the study "Insider Threat 2018 Report", the greatest risk factors include the excessive number of users with excessive access rights, an increasing number of devices with access to sensitive data, and the constantly increasing complexity of IT.
According to the above study, two-thirds of companies consider malicious or accidental insider attacks to be more likely than external attacks. This should hold true if the unintentional support that insiders give cybercriminals is included. For criminals, employees are therefore one of the keys to money. They often use social engineering to get insiders, and also partners, to bypass protective measures without realizing it.
What Actually Is Social Engineering?
Social engineering is the art of getting someone to voluntarily do things that he or she does not want to do or should not do. In short, it is the art of hacking the human operating system. To this end, human characteristics and trained, socially recognized behaviors are exploited. For example, an attacker can take advantage of people's willingness to help a supplier with a heavy package by disguising himself as a supplier and claiming that he has to hand over the package personally.
A possible situation could play out as follows: Shortly before the end of the working day, an employee receives a call from the supposed IT service desk. After work, the caller says, all devices will be set up again and the system administrator needs the login information to back up private content. The next morning the employee can log in again with the existing password and then change the password for security reasons.
With a little pressure, the employee's wish to start the evening soon, the prospect of good service, and a friendly voice, the fake service desk employee leads the user to reveal their password. After all, nobody wants to lose any data. Further examples are the grandparent scam (grandchild fraud) and attacks with phishing emails.
How Can You Protect Yourself?
Good business processes, for example, help against internal perpetrators who deliberately steal business secrets, be it out of revenge against the employer or for any other reason. With appropriate controls, separation of functions, and authorization management that restricts access to data according to the need-to-know principle, a lot has already been done.
As a rule, employees have no bad intentions against their own company. Internal cyber threats can also arise through unintentional but negligent behavior. There are various measures to protect yourself against insiders who are manipulated from outside. Probably the most important thing is that employees, partners, suppliers, and customers are aware of the threats and know how to react to them. Additional protection is provided by technical measures such as sandboxes for testing email attachments or isolated web browsers for secure surfing. Ideally, various protective measures are combined in such a way that they surround the company's crown jewels like the layers of an onion.
Multifactor Authentication
Especially for web services, multifactor authentication offers an inexpensive and effective protective measure. It combines two or more independent proofs of authorization to access a system:
- What does the user know? -> Password, security questions
- What does the user have? -> Security token, e.g. security card, PIN via SMS
- What is the user? -> Biometric verification, e.g. fingerprint, iris scan
This multilayered hurdle makes it more difficult for attackers to gain unauthorized access to a system and to gain access to a company's valuable information.
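
The sketch below is an added example, not code from the original post: a login check that grants access only when two independent factors verify, so a password disclosed to a fake service desk is not enough on its own. It assumes a time-based one-time code (TOTP, RFC 6238) as the "security token" factor; the account fields and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) that a token, 'what the user has', displays."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash for 'what the user knows'."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(account: dict, password: str, code: str, now: int) -> bool:
    """Grant access only when both independent factors verify."""
    knows = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    has = False
    for drift in (0, STEP):  # accept current and previous step (clock drift)
        step = (now - drift) // STEP
        expected = totp(account["token_secret"], now - drift)
        fresh = step > account["last_step"]  # reject codes already used
        if fresh and hmac.compare_digest(expected.encode(), code.encode()):
            has = True
            if knows:
                account["last_step"] = step  # each code is accepted once
            break
    return knows and has

# Constructed sample account; the token secret is the RFC 6238 test key.
ACCOUNT = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "token_secret": b"12345678901234567890",
    "last_step": -1,
}

if __name__ == "__main__":
    now = 1111111109  # timestamp taken from the RFC 6238 test vectors
    print(login(ACCOUNT, "correct horse", "", now))  # password only
    print(login(ACCOUNT, "correct horse", totp(ACCOUNT["token_secret"], now), now))
```

Because each accepted time step is recorded, a one-time code cannot be reused for a second login within its validity window.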