Human security vulnerability – cybercrime in companies


The human firewall as a weak point

Global digitalization in companies continues to advance rapidly. Increasing cost pressure, growing competition from other countries, and the coronavirus pandemic are just some of the factors driving this development.

Nowadays, data is no longer exchanged only between systems such as servers, but also via email and increasingly via social networks. Even the content of telephone calls is often sent as data packets.

Mobility and access to company data from any location have become indispensable in day-to-day business.

Whereas in the past, company data was usually stored on servers in the company’s own buildings, today it is often “hosted” in data centers located all over the world:

A provider supplies all the technology, takes care of operations, and ensures access to company data at all times.

Increasing digitalization also brings with it growing dangers and risks for companies. They are supposedly more vulnerable to criminal attacks from outside, as the recent example of the Funke Media Group shows.

https://www.sueddeutsche.de/digital/ransomware-clop-fin11-fire-eye-cybercrime-1.5161726?utm_source=pocket-newtab-global-de-DE

Human security vulnerability

As technical security solutions become more complex and continue to evolve, criminal attacks are increasingly shifting their focus to people as the weak link and gateway into corporate networks, thereby circumventing technical solutions such as firewalls and antivirus programs.

The umbrella term for this type of attack is cybercrime.

50% of all attacks on companies exploit human vulnerability.

*Source: Economic protection in the networked world, bitkom 2020

IT security starts with the employees

Employees are the first line of defense against attacks from the internet. Many companies have already recognized this and are therefore investing significantly more in cybersecurity. Nevertheless, the number of attacks on organizations is also increasing. The human factor in IT represents a source of danger that should not be neglected.

Five decisive forms of attack

Phishing, vishing, smishing, social media phishing, and deepfakes are forms of attack used by cybercriminals to target people in cyberattacks.

Once the intruder has gained access to sensitive data, this is often only noticed when it is already too late. The extent of the damage to the network is often unknown. The result can be production downtime, high costs for rebuilding the IT system, damage to the company’s image, and even existential fears.

The types of attack explained briefly

Phishing

Phishing involves misleading people into sharing personal information, such as login details for a bank account, with criminals. Victims usually receive a deceptively genuine email asking them to log in to their bank account, PayPal, or similar service. The page linked in the email also looks so deceptively genuine that many people fall victim to this simple scam.

Smishing

Smishing is based on SMS and is therefore a modified form of phishing: SMS phishing. The messages sent have essentially the same goal as phishing:

Once the attacker has succeeded in opening the gates, they can then penetrate the company network via the telephone, for example.

Although they have been declared dead many times over, text messages continue to thrive despite the increasing popularity of messenger services. Text messages still enjoy a high level of credibility today, especially among older people, and are often still used in emergencies.

Vishing

The most targeted and personal form of phishing is voice phishing, or vishing. One of the best-known examples of vishing is the so-called grandchild scam: older people receive a phone call describing a current problem involving their supposed grandchild and claiming that the problems can only be solved by transferring money. Although the calls are often made from abroad, certain country codes give the impression at first glance that the call is coming from Germany.

Social media phishing

Phishing via social media, or social media phishing, is an increasingly popular method of attack.

In recent years, there has been a rapid increase in the number of such attacks via social media or emails that pretend to have been sent by a social network.

This type of phishing can be further divided into spear phishing and account hijacking. In the former, attackers pose as fake customer support and respond to public support requests.

In account hijacking, dormant accounts are usually hacked and their passwords changed. The attacker then sends malicious links to the account owner’s contacts.

Deepfakes

Deepfakes create the illusion that the person seen in a video is actually speaking, when in reality it is an animation.

One of the best-known examples of this is the YouTube video “You Won’t Believe What Obama Says In This Video!” In the video, Barack Obama warns viewers from the Oval Office in the White House about deceptively real recordings. Halfway through the clip, the truth is revealed: it is not the former US president who is issuing the warning, but an animation of him.

What you can do as a company

Protect your company from these types of attacks and turn your employees into your strongest defense! You can protect your company by raising awareness among your employees and providing targeted training.

If you are interested, please contact the cit team:

Denis Seefeldt – Managing Partner

Tel. +49 531 180 59 332

E-Mail: d.seefeldt@cit-net.de

Michael Rode – Senior Consultant

Tel. +49 531 180 59 331

E-Mail: m.rode@cit-net.de
