The Perps Behind Cyber Crime May Not Always Be Who You Think
Have you heard of social engineers?
You may imagine them as professionals who bring people from different backgrounds into fellowship for the greater good, possibly redesigning urban or suburban areas to accommodate the societal changes that have taken place over the past decade.
Social engineers are technical professionals who specialize in hacking into the IT infrastructures of businesses. When someone mentions the word “hacking,” we generally envision nefarious computer geeks somewhere in the ether writing and ping-ing firewalls with sophisticated algorithms to launch cyber attacks. Social engineers take more simple, people-oriented approaches.
In her post for CNN Money, Erica Fink reports just how easy it is for a social engineer to hack into computer systems. What she discovers is more than a bit unnerving. Watch the video and you’ll see what we’re talking about. A preview: one of the social engineers she interviews gets access to a company phone number, calls tech support about a website he can’t access. The tech can access the website in question with no issues and, after a “man, you’re the best” and “thanks, buddy,” BAM! The social engineer now has access to the tech support guy’s computer. Frightening.
While social engineers are a huge concern, an even bigger threat to cybersecurity exists inside organizations. In Scott Weber’s commentary posted on Fortune’s Insider Cybersecurity section, he mentions a 2015 Intel Security study found 43% of all data loss occurs because of insider risk. Weber also references a Symantec survey in which 50% of employees who leave their jobs take secure information from their current employer with them. 40% of study participants also stated they plan to use the information for their new job. More than half of employees surveyed didn’t know they were committing a crime by sharing information considered trade secrets.
These, coupled with “traditional” cyber attacks, are glaring reasons why robust internal and external controls in every organization are vital. Unfortunately, trying to cover up breaches of any kind is the path most businesses take. Whether it’s out of embarrassment, or due to lack of resources needed to develop cybersecurity controls, it doesn’t matter when data loss happens.
Using Ncontracts’ BCP solution, Ncontinuity, clients create robust business continuity planning to mitigate risks internally and externally. Ncontinuity includes business intelligence for addressing BIA’s, risk assessments, and monitoring plan status. Add to that plan navigators for step-by-step guidance in building and maintaining enterprise-wide plans and support for third-party IT BCP resiliency in accordance with Appendix J, among other functionality, and your business continuity planning achieves regulatory compliance and safeguards critical operations.
Don’t wait until disaster strikes. Request a demo today.