We talk about recent attacks all the time, and we hear about them in the news just as often. Whether it is stolen credit card data or the latest strain of Ransomware that hits the market, most of the news that we hear has to do with bad actors stealing information from the outside. But what about the folks on the inside? I am not talking about Social Engineering, where employees are "tested" to see what information they will provide or what links they will click on. Those instances come down to a lack of training and, in most cases, employees just "going with the flow" and not questioning anything. That is different. This post addresses policies and procedures to protect your data from both accidental leakage and intentional exposure.
Those of us in the Information Security world hear terms thrown around all the time that are often used interchangeably, confused, and sometimes misused. One of those terms is Social Engineering. On the surface, this is a confusing term that doesn't appear to have anything to do with Information Security, but in fact it has everything to do with it. In the last blog post that we wrote, we defined Social Engineering. In this post, we are going to talk about some of the different strategies that hackers use to gain access to your company's most sensitive data by exposing your number one asset: your employees.
The last several years in IT Security have been full of surprises as well as fulfilled predictions. If you think back to 2014, the famed credit card breaches that took place had been predicted by most, and those predictions ultimately held true. We had a rash of major breaches, including Target, The Home Depot, Michaels, and many others, resulting in the theft of hundreds of millions of credit and debit cards.