Conmen are everywhere
Total visibility at all times is crucial to prevent cyber criminals from seeking to influence a company's employees.
People today live and work in a hyper-connected world. They interact with known and unknown entities on a daily basis. Do they even know how and when they have been breached?
If they don't know something has changed, they will not know that they need to respond.
I want to paint a little scenario; I will base this on a real-life situation:
Imagine owning a successful business. It has a number of people spending their days completing their tasks. This is a well-managed, trusted and tech-savvy bunch. Everything is running beautifully. Designers are designing, R&D is researching and developing, and the company is working on the launch of a new product, design, platform and/or solution for release.
Everything would appear to be on track and coming up roses.
Not only that, but the company has had the foresight to run security awareness training and its people do not click on any links - ever! Right? People do not go to strange and compromised Web sites and ensure they have their admin rights to allow them to be super-efficient. This team is tight-knit and they look out for each other and the company.
Bring in the baddies
Now let's look off into the distance and imagine for a second another small team - this one with a different focus. A crack team of one or two doing their level best to make easy money by compromising the business mentioned above. They want to get that company's client lists, pricing structures or perhaps the ease of launching its new product early, using that company's intellectual property, design and research and development work, with no cost to themselves.
So, how are they going to achieve this?
Conmen do not earn their keep by playing fair.
Quite simply, actually! By targeting the people at the company in the example. All they need to do is to compromise one member of the trusted team. LinkedIn and some very slick Google advanced searches get them the contact details they need. Then the merry band of bad guys sends the company's employees a malicious link or unsolicited attachment. But the team is well trained; recognises it for what it is, and ignores it, even laughs it off as a feeble attempt to gain access.
So, the company can rest assured its business and people are safe in the knowledge that its team cannot be fooled so easily. But then the next step is taken, and this involves more effort by the baddies. Using LinkedIn (easily replaced by any social media type site), the bad guys target the company's trusted individuals. One by one, the team members are tempted with job listings in their feeds. The job requires their specific skillset and there is a temptation to apply to get more information. This sounds like the dream job, and it is from a trusted source.
All the bad guys need is one person to be curious and to want to find out more.
The employees do not click; they simply apply. Now they have been baited; time for the bad guys to reel them in. Having expected the response, they send the company's employees the job description, likely to their free-to-use and not very secure private cloud e-mail service. The e-mail is received and opened, and all the bad guys did was embed the malware in the job description attachment. The company's employees may decide they are happy, and this is where the job application ends. However, the damage is already done - malware is in place and the bad guys now live inside the company's network simply by offering its employees something they wanted.
King of the castle
The malware will now learn, spread and steal all the data the bad guys need. The most risk-free way to get the keys to the company castle.
The truth is behavioural monitoring of an entire environment, no matter where the boundary sits, is the only way to combat the smarter cyber criminal from taking what companies work so hard for.
If a company cannot see that a machine has a new piece of software or that a user account is now suddenly moving data to an external source - it may already be compromised. It makes no difference if the company has protected its corporate e-mail gateway if it does not know what is introduced via one of its people's Gmail accounts.
Trust is a key part of working in a great team, but let's all take into consideration that the bad guys are experts at targeting people's weakest human traits. Conmen do not earn their keep by playing fair. Employees may love the company where they work, but everybody is looking to improve the lives of their families; this makes it difficult not to respond. So companies must think more broadly, keep up awareness campaigns and ensure they are doing all they can to protect their business and their people.
Probably the most sensible thing to do is to get a trusted partner that will work with the company to ensure it knows when something changes on its network. But, above all, ensure the company has total visibility in order to protect it against both obvious and camouflaged attacks.
John McLoughlin has been involved in leading technology solutions for over 15 years and is the founder and MD of the J2 Software group of companies. He is driven by a passion for information security and compliance-focused technology offerings. McLoughlin has consulted around ICT policies, enforcement, productivity improvement, cost reduction and data loss prevention to many organisations in South Africa and elsewhere on the African continent. Through his vision, J2 Software is a provider of globally leading technology solutions that fulfil real business needs and deliver competitive advantage to J2's customers.