07-17-20 | Blog Post
“A coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools” said @TwitterSupport on July 15, 2020 describing the recent coordinated hacking that impacted accounts on the Twitter social media platform. The potential for damage as a result of this hack goes far beyond the estimated $120,000.00 in bitcoin deposited in hacker accounts. What other information is compromised in the user accounts; what other malicious activity may have occurred? While the root cause analysis of this hack continues and platform security questions abound, one immediate action item for all companies as a result of this issue is to assure that security hygiene is thorough, a matter of policy, and communicated to every employee, contractor, and vendor that in anyway touches your network or digital assets.
“More than 1 in ten employees fall for social engineering attacks” reads the title of a 2018 Computer Weekly article. Their conclusions weren’t supposition, they actually tested many of the known methods for social engineering with corporate employees. More than 3,300 social Engineering tests were performed on actual employees resulting in 17% of the targets taking an action that would have resulted in a compromise. Now let’s overlay that statistic on the hundreds of thousands of newly minted, global remote workers distributed due to the pandemic. The potential could be devastating. How devastating? In 2019, the FBI IC3 reportestimated Cybercrime damages in excess of $3.5B with $1.7B in adjusted losses contributed to Business Email Compromise. Another growing threat facilitated through social engineering, Ransomware with the 2019 impact projected at $11.5B. According to a recent GetApp survey “only 27 percent of companies provide social engineering awareness training for their employees.” Is your security, access, password, and social engineering policy and training complete? Has your business done all that is possible to actively minimize today’s Cyberthreats? Does your training contain the appropriate guidance for keeping your business and security policy fully compliant?
In the overall umbrella of network, access and data security, much is made of the technical elements of assuring patching and updates, antivirus and malware protection, network access control, etc. All of these items and hundreds more are extremely important to overall security policy, but with analysis showing that up to 90% of security breaches being caused by Social Engineering and Phishing, it becomes clear that one of the most effective tools in the business arsenal to limit cybercrime damage is security training. Broad, frequent, and updated security training that includes extensive, common sense discussions regarding Social Engineering prevention. A well-designed security training program goes well beyond password, device and access management by providing advice, examples and policy that convert your workforce from your largest threat vector to an effective first line of defense against the impact of Social Engineering. Whether your business designs and conducts its own security training or partners with one of the many Security Awareness Training companies, make the training effort a priority. Cybercriminals prefer nothing more than targeting business during a time of many distractions, 2020 fits that description very well.
If you’re looking for the expertise to advise your business on cloud services and the potential impacts that cybercrime can have on your business, Otava can help. Data Backup and Disaster Recovery plans are an essential component of business survivability should a security breach or cyber compromise occur. Consider our secure, compliant cloud solutions managed by a team of experts trained in the latest security best practices. Call 877-740-5028 or contact us to learn more.
Best Practices for the Remote Worker: Consider implementation of Zero Trust. Zero trust is an initiative to move from “trust but verify” to a “never trust, always verify” approach. In practice, this model considers all resources to be external and continuously verifies trust before granting only the required access. (Read more)
Cyber Attacks: Dangerous and Expensive Implications: The damage wrought by a cyber attack can be disastrous. How can you better protect yourself? (Read more)