{"id":141577,"date":"2016-10-28T08:33:30","date_gmt":"2016-10-28T06:33:30","guid":{"rendered":"http:\/\/businesstech.co.za\/news\/?p=141577"},"modified":"2016-10-28T08:33:30","modified_gmt":"2016-10-28T06:33:30","slug":"expert-tips-to-protect-your-organisation-from-people-hacking","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/industry-news\/141577\/expert-tips-to-protect-your-organisation-from-people-hacking\/","title":{"rendered":"Expert tips to protect your organisation from \u2018people hacking\u2019"},"content":{"rendered":"

91% of Cyber-attacks start with an email<\/a>, and the people in your organisation are your weakest link.<\/p>\n

Companies are being attacked by malicious cyber criminals with more frequency and sophistication than ever before, said Jenny Radcliffe – aka \u2018The People Hacker\u2019.<\/p>\n

Speaking that the Mimecast 2016 event, Radcliffe explained that these attackers are becoming more adept at getting people in organisations to help them circumvent security controls.<\/p>\n

\u201cSecurity technologies are becoming more and more effective, and as a result, social engineering attacks are becoming more complex than ever before,\u201d she said.<\/p>\n

Social engineering is aimed at exploiting people as the weakest link in the information security chain.<\/p>\n

\u201cPeople are easier to hack than technology is, and we are seeing a new breed of attackers who appear to be trained in psychology.<\/p>\n

\u201cThey are using that to get people in organisations to help them circumvent security controls.\u201d<\/p>\n

This approach can take many forms, including physical access to buildings, email phishing and telephone calls to engage insiders and build trust relationships.<\/p>\n

How social engineering endangers your security<\/strong><\/h3>\n

Social engineering attack planning typically involves building a profile of the target organisation and its employees.<\/p>\n

Hackers use sources such as corporate websites, industry forums and social media sites, including Facebook, Twitter and LinkedIn to gather information.<\/p>\n

\u201cAttackers will then seek to build a trust relationship with an individual or individuals within the organisation over a longer period \u2013 even up to six months,\u201d said Radcliffe.<\/p>\n

This makes it possible for attackers to identify the easiest way in and to manipulate employees of an organisation to help them gain access to the information they seek.<\/p>\n

\u201cBecause it is not a technical attack, attackers don\u2019t even necessarily need technology to hack a person,\u201d Radcliffe added.<\/p>\n

\u201cIn some cases, hackers will bump into your employees in the real world, by tracking where they socialise after hours, for example, and build a relationship with them in person.\u201d<\/p>\n

Tips to protect your people and your organisation<\/strong><\/h3>\n

These attacks can cause huge financial losses and could cost you your reputation and your business, so Radcliffe\u2019s first tip is to admit that your organisation is vulnerable.<\/p>\n

\u201cIt can happen to your company too,\u201d she warned. \u201cIf you deny that this could affect you, you have painted a huge target on your back.\u201d<\/p>\n

She adds that the human element has always been a major vulnerability, and people have always been the quickest way in.<\/p>\n

\u201cFor this reason, people need training and they need to understand that the attack will be personal to them.\u201d<\/p>\n

Most staff do not consider security to be their problem, rather believing that the IT team is protecting them from cybercrime.<\/p>\n

\u201cBut each employee is a conduit and a way in, so you need to drop the culture of blame and instead create a culture of awareness,\u201d she explained.<\/p>\n

\u201cCulture will determine the type of attack you will get, and if you have a culture of blame, fear will be used to get into your organisation.\u201d<\/p>\n

Radcliffe advises having \u2018security moments\u2019 in meetings where people can bring their own stories and start a narrative, as this will engage them in the process.<\/p>\n

\u201cYou will get a lot of complaining, reluctant feedback and false positives, but it is a good start and this costs nothing to implement,\u201d she said.<\/p>\n

Also ensure that employees are wary of any new acquaintances who attempt to build trust very rapidly.<\/p>\n

\u201cTrain your employees to be wary of anyone who seems particularly easy to talk to and who seems particularly interested in them, their jobs and their organisation,\u201d she added.<\/p>\n

\u201cThey should be trained to be careful about what they disclose and how they co-operate with outsiders.\u201d<\/p>\n

Employees should even be wary of job offers from unknown people who are keen to discuss their current role, experience and areas of expertise.<\/p>\n

This is one way attackers can use to engage employees of an organisation to find out what kinds of information security systems are deployed.<\/p>\n

Protecting your email from phishing<\/strong><\/h3>\n

Considering that 91% of hacking attacks begin with phishing or spear-phishing, are your defenses ready?<\/p>\n

It can take 229 days before your business realizes it\u2019s been breached, and that\u2019s a dangerously long time for cybercriminals to have access to your customer\u2019s private information.<\/p>\n

Your organization can’t afford a disruption to business operations \u2014 breaches cost millions and destroy reputations.<\/p>\n

Even with training, 23% of phishing emails are still opened, so protecting the company against human error is a top priority.<\/p>\n

Mimecast Email Security services<\/a> are a critical defense to protect against advanced threats and data loss.<\/p>\n

Mimecast solves critical email security issues with:<\/p>\n