A professional hacker – who has gone straight and now goes by the job title of “Ethical Intruder” – lays out the truth with this simple statement: “Take it from a hacker, we are not trying to break in through your next-generation firewall when we can simply ask your users for credentials.”
The sloppy, ill-informed, or unthinking release of credentials – the user names and passwords that permit access to your cyber files online – by employees or vendors is the digital equivalent of holding the door open for a thief to stroll into your sensitive operations with little or no resistance. In the parlance of cyber security, the ways in which legitimate users either control or surrender control of their credentials are known as “Social Engineering.”
Social Engineering typically is seen within organizations as either an IT issue or the responsibility of Human Resources. At its core, Social Engineering is a behavioral and awareness issue that hackers know is the easiest and quickest way to crack a cyber defense and avoid detection.
This has become an even more prevalent problem during the COVID-19 pandemic. Attackers have increased their use of predatory skills against unwitting employees, who at the same time have become more susceptible to clicking on links, downloading files, or providing their credentials in response to nearly anything related to the pandemic.
Entering this commonplace, yet incredibly valuable, information without giving a second thought as to who else might be watching can spell real trouble down the line.
It becomes incumbent on employers to educate and enforce standards regarding the unauthorized or uncontrolled use of employee credentials. This single step can actually become one of the most effective ways to convey the very real threats that exist, and to tighten up the business’ cyber security protection.
Copyright 2021 The Reschini Group
The Reschini Group provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.