CEO of STARK and ProSysCo, international Cyber-Security speaker since 2003.
Getty
During the times of global quarantine, working from home or remotely has become more important than ever with the transition to a remote workplace. This might sound simple, but the security behind it often has not been the focus to keep individual and corporate data safe.
The most common form of hacking attacks is social engineering, including blueprinting and spoofing. Once these techniques have been successful, a hacking attack is unavoidable. Social engineering is the ability to infiltrate a company or private network on the human level and acquire sensitive information; the weakest part in the chain of security is the human being. It is not possible to implement antivirus, firewall or VPN into the human brain.
Most of the confidential information is passed on through email, phone or conversation without people being aware of it. The goal of the acquisition of this sensitive information is gaining access over an employee or individual to a personal or cooperate network by using the trust and information against them.
Social engineering is based on using humans’ natural desire to help and trust easily and the fear of inconveniences. We all heard of the global hacking attacks at the beginning of this year caused by email attachments that contained harmful software, encrypting entire corporate, government and personal infrastructure data. The victims were held hostage unless they paid huge amounts of ransom to receive a descriptor to gain access to this data again.
A successful defense for corporate and private networks depends on good policies, education and the following of the individual and enforcing these policies permanently. Eighty percent of all hacking attempts are based on social engineering, and they cannot be avoided by hardware or software. Corporations often enforce strict IT security policies inside a company IT infrastructure, but working remotely, these policies often have not been paid attention to nor have not been enforced.
The remote computers and networks that are connecting to a corporate network are typically old, outdated and lacking security hardware and software updates. When accessing a corporate network via VPN or remote desktop, these connections are two-way streets, and they need to be made safe in both directions.
Based on 21 years of experience in global IT security, I’ve observed that for most corporations, the budget for IT security is only available after a security breach and loss of data. The proactive approach to investing in good security, hardware and software to set up remote and corporate offices has not yet reached the point of a “must have” standard.
Social engineering is based on person-to-person or person-to-PC interaction through data typed or spoken by an individual, triggered by a situation or behavior. It’s a coalition between emotions and electrical signals in the brain. I’ve seen some companies use, for example, the SCARF model to expose and visualize this neuro-scientific behavior and explain this phenomenon and how we as humans respond to external triggers that affect our decision making. This is just one example of how your brain reacts to the psychology used, triggering certain behaviors and emotions to cause a reaction that leads to unintentionally compromising sensitive information and successfully execution of a hack.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
