We write a lot on this blog about the different social engineering techniques that are being used by bad actors today. We do this to educate you on the threats that are out there and the methods that these organizations will use to achieve their main goal: steal sensitive information from your company!
At the end of the day, that is the only thing that matters to these criminals. This is a business with the goal of making money, much like your business has the goal of making money. The difference is that these bad actors prey on organizations to steal information and then sell it to even worse people so they can utilize it in some fashion. Some examples of this sensitive information might include:
Every year at about this time we hear of scams involving the IRS. These scams often include phone calls with bad actors pretending to be from the IRS saying that you owe taxes and if you don't pay on the spot, you will have a warrant issued for your arrest. While it is scary to get that call (nobody wants to get arrested), you should know that the call is fake and that the IRS will never call you and threaten you. They prefer to do the nasty stuff via the mail! But this is where this year’s attacks have gotten interesting.
Northrop Grumman, the enormous defense contractor that literally builds the Stealth Bomber, fell for a hack that resulted in 68,000 employees having their W-2 information stolen. How did this happen? A spear-phishing campaign targeted an employee at Northrop Grumman, tricking them into entering their username and password into a bogus form. The bad actors used these credentials for over a year to steal the sensitive information of the 68,000 employees. Yikes!
After 4 paragraphs and some bullet points, you might be asking yourself, "Why is he telling us this?" Great question, and one that I am glad you asked! To answer your question, I am going to pose a question to you first: If the company responsible for developing the Stealth Bomber can fall for a phishing attack, would you fall for one too? I don't know the answer to that question and I hope that you are never victimized like this, but the point is that you must prepare your staff for this type of event.
What are some ways that you can prepare and educate your staff to reduce the risk of something like this happening? (Please note that I used the word reduce and not eliminate. It is impossible to eliminate risk; you can only reduce it.) Here are some tips you can implement today:
These are some tips to help your organization mitigate its risk of a breach. Want more tips and more examples? Register for our webinar on May 24th, where we will present on many different social engineering techniques and what you can do to mitigate your risk and build that culture of security. Details are below as well as a link to register!
What: May Webinar - Social Engineering Techniques
When: Wednesday, May 24th @ 1:00 PM EST