Organisations often imagine the source of cyber attacks to be far off and unrelated to them. The truth is many cyber attacks that threaten to bring businesses to their knees come from within.
A company’s employees are one of the most common routes that cyber attackers use to penetrate an IT system.
Targeted phishing attacks on staff are so common because unsuspecting employees are unaware of what these threats look like.
On the whole, when it comes to identifying fraudulent emails and malicious behaviour online, employees are left relatively in the dark.
Many businesses are so concerned with the complexities of cyber security that they forget to take basic measures at the grassroots level.
Vast amounts of sensitive company data have been lost due to simple aspects of human error.
Instances of attackers using similar domain names and writing styles via email have been known to successfully target even the largest of companies.
Snapchat had its payroll information stolen in February after a hacker impersonated the platform’s chief executive, Evan Spiegel.
It seems almost too simple to be true, but all it took was for a cybercriminal to imitate the highest form of management to persuade a senior manager to release crucial data.
These types of threats are easy to avoid, but are often too obvious to be considered. As seen in the case of Snapchat, this is an issue that demands attention.
Thankfully, for companies concerned about the state of their cyber security, their greatest weakness can also be their greatest asset.
Creating a human firewall, where employees are trained and vetted on cyber security, is an invaluable way of substantially decreasing the risks of cyber attacks.
Ensuring that staff are not completely oblivious to the risks and methods of hackers can be the difference between keeping data private and laying it bare for malicious intent.
Of course, a human firewall can only protect businesses so far. Luckily, technologies are available for companies to get another layer of protection against these types of cyber threats.
For example, DMARC authentication works by determining the source of an email; if it does not align with what the receiver knows about the sender, the message is flagged and can be binned before it reaches the victim’s inbox.
Recent research by Cyber Security Partners revealed that only 3% of the FTSE 250 currently uses DMARC to reject and quarantine illegitimate emails being sent on their behalf. This means there are vast amounts of company information that are potentially available to hackers.
Instances of large-scale hacks happen every year, yet there are still massive gaps in cyber security knowledge and implementation across UK companies.
Steps need to be taken to ensure the safety and privacy of businesses meet the standard their customers and staff deserve.
Organisations should start building up their defences from within to avoid potentially devastating outcomes.
Sourced from Chris Underhill, chief technical officer, Cyber Security Partners