Normally when we think of criminal points of entry into an establishment, our minds tend to go immediately to the physical world – doors, windows, overly large ventilation shafts (for you action movie fans out there) and other similar building features. Unfortunately, in the modern technological world, these obvious points of ingress/egress are not all that we need to remain vigilant over. By means of viruses, trojans, worms, or simple brute force, there are several ways a hacker could penetrate and compromise your corporate IT infrastructure.
Here Are The Top 4 Common Hacker Entry Points For Cyber Attacks:
1. Staff/Employees:
It always feels a bit bad to state this, but in most environments, the weakest security link is the individuals themselves. One of the largest threat vectors in the security world is social engineering, which is the art of manipulating other individuals in order to extract confidential information. This can be accomplished through various email strategies (see below), or in-person/via the phone. With the rise in popularity of social media, many of us freely volunteer a large amount of personal information to the Internet at large. This information can be collected to build a profile about a target, which is then used to create scenarios where the intended target is likely to be sympathetic and/or responsive in an effort to glean additional clues or information from them. Fortunately, social engineering is also relatively easy to spot once one knows what to look for. Regular security training for employees goes a long way towards maintaining a vigilant and secure environment.
On the flip side of the employee line is what is generally called an internal threat. This generally takes the form of malicious actions from an active employee - be it theft of information, deleting/removing key resources, or just generally causing a mess of things. Well structured internal security protocols (proper access rights, correct termination procedures, etc) can go a long way towards limiting the potential damage a single individual is able to accomplish.
Email:
As previously mentioned, email is a very common avenue used by would-be troublemakers to gain initial access and/or information. Outside of using it as a tool for social engineering approaches, we need to be on the lookout for phishing attempts, ransomware, malware, spyware, trojans, worms, and any other sort of malicious attachment – all of which can easily wreak havoc on an individual system, or an entire network. Again, like with social engineering attempts, malicious emails are rather easy to spot with proper training and vigilance. In addition to proper training for our end-users, one should look to employ strong anti-virus software, install proper firewalls and networking protocols/systems in order to protect our users and company resources.
Personal Devices:
The rise in popularity of mobile devices has created an entirely new playground for the enterprising hacker. Many of us use our smartphones to access work-related email accounts in one way or another (among other work-related applications) – making them just as an appealing of a target as our personal computers are. Additionally, our mobile devices have access to our internal corporate network in some capacity, usually via a WiFi connection, making them appealing targets for compromise on multiple levels. Ensuring personal devices stay on a guest network, developing and enforcing proper Bring Your Own Device (BYOD) Policies, and using some form of mobile device management for applicable devices will go a long way to ensuring our smartphones don’t end up being compromised network nodes.
Company Websites:
Another point of entry that isn’t thought of much is a company’s website. Website exploits have been growing in popularity and have become quite sophisticated in their execution. As a potential hypothetical situation, a cybercriminal would look to access specific information by exploiting the faults in targeted websites code base (online form exploits, spoofed server names, etc). For example, if they are only interested in financial information about their victims, these tools will target the websites that carry that kind of information. Implementation of any Web-based application poses potential loopholes with high chances for cybercriminals to exploit and expose.
If you're concerned about securing your business technology, give us a call today or schedule a free IT consultation to give you a better idea of where you stand from a cybersecurity perspective and how we can help you get to where you want to be: (512) 388-5559.
By Brandon Kaylor
Desktop Support Technician
Central Texas Technology Solutions