Cyber security threats are ever-evolving. At Ontech Systems, we have a saying when it comes to security – cyber security is a process, not a project. It’s not a “set it and forget it” type of IT security solution you can set up once and never revisit again.
For this reason, it’s important to always stay up to date with the continual evolution of threats, particularly when it comes to social engineering attacks. But let’s start with the basics.
Vulnerability vs. Threat
There’s no shortage of technical jargon in cyber security, and one common area of confusion is the term vulnerability vs. threat.
- A vulnerability is a weak link in your network that cyber criminals gain access to. This could be through a set of user credentials they bought on the dark web or through a weak or recycled password.
- A threat on the other hand, is what an organization is defending itself against, for example a Directory Traversal or ransomware.
TIP: One of the best ways to mitigate cyber security threats is through a security assessment that can identify vulnerabilities in your network – before they become a problem. Ontech’s security technician will then make recommendations on which solutions are best for your unique set of needs, IT network, and business.
“I don’t post things online. Therefore I am safe from cyber-attacks”
Another common point of confusion is the misconception that as long as you don’t post content publicly online, you’re safe. The unfortunate reality is that as long as you have an internet connection, you have a door to the outside and the question is; do you have a screen door, a glass door – or a prison door? Your IP address acts as a ‘beacon’, broadcasting that you exist and while refraining from posting content publicly can certainly be a benefit, it doesn’t mean you’re safe.
Social Engineering & Weak Security
It’s widely known that common user mistakes like password recycling and phishing emails are among the most popular ways cyber criminals gain access to networks, but voice phishing and SMS/text phishing are also quite prevalent this year – and they continue to gain traction year after year.
- Voice phishing is what you might think of as a scam call. An unsuspecting employee in bookkeeping for example, might get a call from someone pretending to be a support representative from QuickBooks asking for sensitive information to help troubleshoot an issue or upgrade the software.
- SMS phishing comes in the form of a text that might appear to be from a popular shipping service like FedEx, prompting you to click the link for tracking information. Phishing has evolved and even the savviest users could fall victim to an attack.
Social Engineering Attacks
Today’s cyber criminals have adapted their ways to become more successful in attempts by conducting social engineering attacks.
In short, the information you make publicly available online can make it easy for hackers to target you. For example, by accessing a LinkedIn company page, cyber criminals can find names and details of every employee within a company. With just a phone number and name, they could even find your home address.
The bottom line is this – the more public information cyber criminals have access to, the more successful they’ll be with phishing attempts.
What is Footprinting?
Footprinting is a term that references the research criminals do before an attack. Yes, many hackers have now evolved past blindly blasting out mass emails (although many still do this) in favor of putting a little extra effort into carefully researching and zeroing their efforts on a bigger, more specific target.
Through something as simple as a sales report, cyber criminals can see who reports to who. When this information is combined with LinkedIn data, it creates a clear picture of the chain of command, and who has access to what data. The next step would be to identify a vulnerability in the network and exploit it.
An attack begins with what is known as persistence or access to the network. They could get access through compromised credentials or access to a third party service like Microsoft. From there, a hacker uses footprinting and persistence to move laterally to other systems and devices on the network.
Persistent escalation is the process of a hacker trying to gain access to systems above his current access – i.e. they begin with access to a computer and try to gain access to the company server. And that’s where the real damage can be done.
Guard Against Cyber Security Threats
No IT network is resistant to cyber security threats but there are steps you can take and cyber security services that can help you strengthen your greater Milwaukee area business network.
Contact Ontech Systems at 262-522-8560 or request a Free Network Discovery to learn more about how to prevent cyber-attacks. Our technicians will create a customized plan and help you identify how to strengthen weaknesses in your network before they become a problem.
Follow Ontech Systems