Understand Security Risk
The threat landscape is more complex than ever, and it’s never been harder or more crucial for security teams to prevent, detect, analyze, and respond to threats.
Criminals have shifted their tactics from technological attacks to targeted assaults on employees by manipulating basic human behaviors. Your company’s people are now your biggest security threat, because they present the easiest opportunities for hackers. More than ever before, every person has an impact on security regardless of their function or title.
It takes only one employee to set off a chain of events that may compromise your company’s data. This makes security part of everyone’s job. In this module, we look at some basic behaviors that every employee can adopt to help make the company more secure.
- “If you don’t give me the information, I will report you to your manager.”
- Authentic-looking email from your bank: “Your account has just been closed. Click here to reactivate.”
- “Can you hold that office door open for me? My arm’s broken, and this package is heavy.”
- “My company is considering investing in your products. Can you answer a few questions about your organization first?”
- “Bill Stevens from Finance always gives me updates about Q2 earnings, but I can’t get a hold of him. Can you help me with the report?”
- “Wow… Check out this video of a giant snake eating a zookeeper!”
- Phishing and Malware: An attempt to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity. This method is used to trick users into downloading software intended to damage or control a device or network.
- Social Engineering: In the context of security, social engineering is the art of manipulating people into taking action or revealing confidential information.
- Exploiting Public Info: Using publicly available information to help design a social engineering attack, crack a password login, or create a targeted phishing email.
- Badge Surfing: Getting into a secured area, either by following a legitimate badge holder in or by somehow persuading that person to let them in.
- Secretly listening in on private conversations.
- Dumpster Diving: Collecting information from the recycling or trash that was not appropriately destroyed.
- Installing Rogue Devices: Installing wireless routers or USB thumb drives where they can give a hacker access to a secure network.