To read ‘Episode 1 – Understanding Ransomware’ click here
Further to the threat of ‘Ransomware,’ another massive area for concern when it comes to company cyber security is phishing and whaling. Phishing is a term you may have heard about before, it is simply described as when hackers send out fraudulent e-mails from accounts disguised as e-mail adresses the user would generally trust, e.g. a customer, colleague, or authoritative account like the government etc.
The malicious e-mail’s goal is to incite the user into clicking a link within the e-mail. If the recipient clicks the link, it will activate the malware stealing all accessible data from that user, and in some cases can spam your e-mail contacts also.
It goes without saying that the hackers are definitely to blame when it comes to phishing, they are the the creators and distributers of malicious e-mails, but we the users aren’t completely blameless, part of the reason why phishing is on the rise is down to ‘overconfident users.’ In a study by Dr. Zinaida Benenson, 78% of participants filled out a questionnaire in her study stating they were aware that clicking on links from unknown sources could be detrimental. This number, on the surface, was reflected in the first study where 20% of people reported clicking a link from an unknown search, when in reality actually 45% of people clicked a potentially malicious link. This is down to overconfidence on what people perceive to be a malicious link, and what they in reality can be delivered as.
Whaling takes phishing one step further, generally phishing targets the general public attempting to gain their personal details, whereas whaling targets high level individuals in organisations, such as bankers, government officials and other powerful executives. From these high level users it attempts to steal a wider range of sensitive data, like personal and bank details for all the employees, or other sensitive company information.
Everyone knows computers are vulnerable, we see it all the time in the news and media, but what most people don’t realise is that their smartphones and smart devices are vulnerable to malicious hacking also. In fact any device with a microphone or a camera, you need to be wary that these devices can be hacked, baby monitors, games consoles etc. Hackers find vulnerability in the system, whether it’s through a non-secure wireless transmission or a root through the internet, and once in can not only access your private files, but live access to devices like cameras, speakers and microphones.
This is not a new phenomenon, but through the introduction of devices that talk to each other, hackers can use that communication channel to find their way into your network. This is definitely an evident threat for home users, but this threat can spread the moment an infected own device logs onto a corporate network. When an infected device lawfully accesses the corporate network, as innocent as this connection is, it can be extremely detrimental to a company, as not only will it find its way onto the network, but will spread to every computer on the network.