Exploiting the pandemic: hacker style

Workforce Holdings and our group of companies offers a wide range of leading human capital solutions. Our array of businesses are organised into clusters, and our Training and Consulting Cluster is of particular importance when it comes to upskilling.

Within the Training and Consulting Cluster, the Cyber Academy plays its part in protecting business, information, and livelihoods. The Cyber Academy educates everyone, from staff with basic technology skills to your expert IT specialists, on how to protect themselves and the business from criminals looking to gain illegal access. The certified and leading Cyber Academy courses help ensure that every employee is accountable and responsible in their use of company technology, protecting the future of business.

How worried should we be about hackers? Well, the global hacking crisis just got a whole lot bigger. With the introduction of extended work-from-home policies to mitigate the spread of the coronavirus, many employees are working away from the office and managed IT networks for the first time. This introduces a new attack-vector for cyber-criminals, fraudsters and con-men to exploit.

The US State department is offering ($10 million) R175 million rand to anyone who can catch hackers meddling in the US elections. When one reads a headline like this we often conjure up visions of hooded youngsters working on sophisticated computers with access to “the dark web” and much more in order to penetrate the most sophisticated secured IT infrastructures in the world. Intriguing? Always, this Spy versus spy stuff keeps many up at night hoping that the latest updates, patches and security products have been installed properly and will do the job you expect after you’ve paid thousands of dollars for it.

Well, does it help?

Of course, it is important. Taking care of IT security by using best of bread products is a practice that companies today should really invest in. If you don’t, well that’s a conversation you need to start having given the dramatic rise in global, regional and local hacking attacks. To add to this the problem has now gotten a lot more difficult to deal with. Today many hackers have changed their traditional weapons of mass destruction and developed social engineering skills that are often more sophisticated than traditional attack vectors used by black hat hackers. These criminal social engineers have more social skills and cunning and can easily trick even the most guarded and suspecting individuals.

Social engineering relies on the premise that the human being has a natural tendency to trust and to help. These noble and time honoured characteristics are now being exploited by cyber criminals in order to gain access to the company’s IT infra-structure rather than having to outsmart massive IT security teams, detection, intrusion and sophisticated software designed and developed to keep them out.

A carefully worded and well researched email, voice message or text message can convince people to change banking details, transfer money or clink on a link containing malware that can effectively use the hosts computer to paralyse the entire network. Some of the most prominent social engineering attacks include:

  1. Phishing attacks: using deceptive emails and text messages
  2. Spear phishing i.e. targeted attacks that developed by researching the target on social media platforms, befriending the individual and extracting information that will be used to trick the unsuspecting target.
  3. Identity theft: used by cyber criminals to pose as someone known to the unsuspecting victim in order to extract much needed information for the upcoming attack.
  4. Baiting: use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware
  5. Tailgating: is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise. Tailgating provides a simple social engineering-based way around many security mechanisms one would think of as secure.

This list is endless and continues as far as the criminal mind and criminal brazenness will let it go. We’re often asked, what can I do to prevent this? Again, the answer is not simple. If there is fear, greed, curiosity, helpfulness and urgency the hackers will always have fertile ground to take advantage of. Companies need to realise that their staff need Cyber awareness training. There is no longer latitude to allow people to say I didn’t know or I wasn’t aware. Cyber awareness training is an essential tool in the fight to secure our companies most valuable assets. By talking about cyber security and social engineering companies can train staff to be vigilant cyber sentinels. One needs to remember that any successful intelligence operation prevents a plane from falling out the sky with no-one knowing about it so does the identification of a suspicious email or another socially engineered attack prevent a business from being destroyed.

Cyber training academy’s online training programmes: Meet the Hacker™ and Cyber Posture Analysis™ offer affordable, immediate protection by

  • Raising staff member’s awareness of the contemporary cyber threat landscape
  • Introducing the motives, skills, and techniques used by hackers
  • Evaluating their personal posture towards internet security

workforce

Your Turn To Talk

Leave a reply:

Your email address will not be published.