The biggest hacking threat – the internal user
Before you get all worked up – let me explain…
When a hacker is looking to penetrate a network, they look for the obvious open doors (in geek talk – open ports). Once they find these doors, they gather information about your system: which operating system the server runs, which version it is, which updates are installed – and, more importantly, which updates are NOT installed.
In cases where the network is so secure that these doors are closed, the hackers cannot gain entry that way. So the next step is to attack the weakest link – not the firewall, not the server – the USER.
This is done by what is known as Social Engineering – a process in which the hacker gains the trust of someone on the network. The hacker then gets that user to hand over confidential information such as a username and password.
An example of how this is used – the hacker could send the users on the network an email which seems to come from the internal IT team. This email will contain instructions telling the user to click on a link that will take them to a website (which looks identical to the company website), where the user will be asked to put in their username and password “in order to comply with a verification process”.
Voilà – the hacker has a username and password to log onto the system!
Another way a hacker would use a user is by placing a Trojan program (see previous post on Trojans) on a memory stick. The “helpful” hacker would then hand in the memory stick to someone in the company, saying it was found. The unsuspecting user would do what anyone would do – put the memory stick into their computer to see what is on it and trace its owner. As soon as this is done, the Trojan is activated and the hacker has a backdoor to enter the system!
What can you do to prevent this in your company?
Awareness, Awareness and more Awareness! You need to educate people on the network not to give away their password, not to open suspicious attachments, and generally to be aware. If they suspect something is fishy, they need to report it.
From a techie point of view – make sure that the virus definitions are up to date, make sure each PC has a firewall, restrict users’ access to sensitive information and be stricter about the length and complexity of passwords.
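For the fake "internal IT" email described earlier, here is a small check a mail filter or helpdesk script could run. It is an added example, not something from the original post; the domain corp.example, the sample message and the function names are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "corp.example"  # assumption: stands in for your real domain

# Constructed sample: claims to be internal IT, links to a look-alike site.
SAMPLE = """\
From: "IT Support" <it-support@corp-example.test>
To: staff@corp.example
Subject: Account verification required

Please log in at http://corp.example.verify.test/portal in order to
comply with a verification process.
"""

def is_company_host(host, domain=COMPANY_DOMAIN):
    """True only for the company domain itself or a genuine subdomain."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signals(raw, domain=COMPANY_DOMAIN):
    """Return the reasons a message should be reported to IT (empty = none)."""
    msg = message_from_string(raw)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Display name sounds internal, but the address is not on our domain.
    internal_name = re.search(r"\b(it|helpdesk|support|admin)\b", display, re.I)
    if internal_name and not is_company_host(sender_host, domain):
        reasons.append(f"internal-sounding sender from {sender_host}")
    # Plain-text parts only; encoded or HTML bodies need decoding first.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if not is_company_host(host, domain):
            # Company name embedded in a foreign host is the look-alike trick.
            kind = "look-alike" if domain.split(".")[0] in host else "external"
            reasons.append(f"{kind} link host {host}")
    if reasons and re.search(r"verif|password|log ?in", body, re.I):
        reasons.append("asks for credentials or verification")
    return reasons

if __name__ == "__main__":
    for reason in phishing_signals(SAMPLE):
        print("REPORT:", reason)
```

The comparison is done on the whole host name, so a link whose host merely starts with the company name is still treated as foreign.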
Get a security audit done (by Swift Consulting) so you know if your network is safe or not.
Keep your guard up!