
Is your 'Social Media' profile showing too much to hackers?

Like you, 3.8bn people in the world are using social media. Today, it's a way of life. For all the fun and engagement we have with others near and far, each “Like”, profile detail (e.g. birthdate, marital status) and LinkedIn connection provides the internet’s bad guys with extra clues. They piece our lives together, making you and your company a vulnerable target.

In an analysis of 15.2bn passwords, Cybernews found that people generally use years in their passwords to mark a birth year, the year the password was created, or a special year. The most popular year is 2010, with nearly 10 million versions used, and 1987 was a close second.

‘Eva’ and ‘Alex’ are the most used names. The most popular sports teams are the NBA’s ‘Phoenix Suns’ and ‘Miami Heat’ and soccer’s ‘Liverpool’ and ‘Chelsea’.

For those of you with the secret passwords containing the above data, you have been warned!

So the photos you posted from your cousin's birthday on Facebook, or the TikTok video you posted where you celebrated your team’s big win, are publicly available clues that can be used to build a profile of you, which can then be used in countless ways to break into your company’s network.

Ok, so big whoop, they know this information. What can they really do with it?

Enter ‘spear phishing’. This is an email or electronic communications scam targeted at a specific individual, organisation or business. It is intended to steal data for malicious purposes, but it is even more damaging when the attackers are able to install malware on a targeted user’s computer. Rachel Tobac, chief executive officer of SocialProof Security, a hacker-led vulnerability-assessment and training firm, says, “About 60% of the information I need to craft a really good spear phish is found on Instagram alone.” By scouring somebody’s social-media accounts, she says, “I can usually find everything I need within the first 30 minutes or so.”

An email is often cleverly crafted and tailored to your interests (“To my fellow Dog owner!”), which makes you feel more inclined to click on a dubious link. Clicking can inadvertently give the bad actor access to your network, or insider details such as your child's health insurance information, which they can use to launch a ransomware attack. Sometimes they even pretend to be you to trap a colleague at your business.

According to a CybSafe analysis of data from the UK Information Commissioner's Office (ICO), human error was the cause of approximately 90 percent of data breaches in 2019.

People unfortunately tend to be the easiest way in, and the potential for attack is even greater given data breaches such as the hacks at SolarWinds, Facebook and LinkedIn.

Now, we can either demand that we all stop using social media (yeah, right!) or we can minimize the risk by:

  • Improving our security training to make ‘humans’ wiser when faced with a possible attack

  • Promoting cyber security to be a part of every business process

  • Understanding your data and granting access on a least-privilege basis

  • Enhancing security for all levels of data

  • Trusting in a qualified professional

We at OCiSO firmly believe that proving your security will bring trust from your customers and enhance your business profile.

We are qualified and experienced information security specialists who advise owners, boards, management and other stakeholders as members of the team.


OCiSO's Virtual Chief Information Security Officers:

  • Raise awareness within organisations and take responsibility for setting the Cyber Security agenda.

  • Respond to Cyber and Data Security incidents and breaches.

  • Manage cyber and data compliance.

  • Ensure ISO Certification and Audit readiness - ISO 27001, ISO 23301, ISO 9001 and Cyber Essentials Plus.

Our V-CISOs are supported by our legal, compliance and governance experts to ensure we meet all of the IT and Data Security requirements of our clients.

Get in touch to find out more. www.OCiSO.co.uk
