More often than not, cyber criminals target people rather than technology because they are far easier to manipulate. Why break through a wall if you can convince someone to open the door?
Cyber criminals understand this so they are increasingly using social engineering and phishing attacks to obtain stolen credentials and open a doorway into corporate networks. According to the Verizon Data Breach Investigations Report for 2013, stolen credentials are used in four out of five breaches.
The reality in today’s world is that cyber criminals have learned that the weakest link in the security chain is the end user because they are often naïve and gullible to social engineering tactics. Whether it is a mobile device or a traditional endpoint – such as a workstation or laptop – cyber criminals are leveraging the end user as a primary vector to gain access – initially to a single system and ultimately to the larger corporate infrastructure.
For example, the passwords of nearly 6.5 million LinkedIn accounts were hacked by Russian cyber criminals in 2012. Owners of the hacked accounts were no longer able to access their own accounts and LinkedIn encouraged its users to change their passwords after the incident. More significant than access to a LinkedIn account is that many users use the same passwords for other online accounts including their employee log-on. Stealing credentials from one account can provide cyber criminals with access to corporate networks as well.
To find out more please contact us on firstname.lastname@example.org or call +44 (0)20 7193 5708