Cyber Security in focus: The individual is a favorite target for security attacks in social media
As the world becomes increasingly digitalized and analogue communication is replaced by cloud services, digital meetings and social media, new threats and risks emerge. Hacking today is not limited to just technical intrusions; on the contrary, new methods are being developed where the individual is at the center.
At Saab, we constantly handle information that is critical to our customers and that is sometimes a matter of national security. During October, the EU's official cyber security month, we will focus on the increasing cyber security challenges and provide guidance through a series of articles covering different cyber security themes. This is the first article.
A popular method in hacking is social engineering. Social engineering consists of several branches, but overall it is about the hacker manipulating an individual into revealing sensitive information. Social engineering has proven to be a particularly effective method of attacking information systems.
“With an abundance of tools and forums for communication such as e-mail, Skype, Dropbox and LinkedIn, the new approach to social engineering attacks is emerging. Statistics show that it can take up to 200 days before an intrusion is detected, which means that an intrusion does not need to be seen or noticed. Social engineering attacks are multifaceted and include physical, social and technical aspects, which are used in different stages of the attack,” says Pierre Anderberg, Chief Information Security Officer at Saab.
The US Agency for Cyber Security and Infrastructure (CISA) has identified different approaches to social engineering attacks:
- A phishing attack takes place via email or websites and aims to acquire information by posing as a reputable organization. For example, a hacker sends an email that appears to come from an established bank and asks for information. Often there is a "problem" that requires the person to provide bank details, which then gives the hacker access to the bank account.
- A vishing attack uses voice communication. The technique can be combined with other forms of social engineering in order to entice a victim to call a specific number and reveal sensitive information.
- A smishing attack uses text messages, which can contain links to web pages, email addresses or telephone numbers. Clicking on any of these automatically opens a browser, an email, a message or a phone number. With this combination of email, speech, text messages and browsers, the probability of people being exposed to social engineering increases.
To minimize the risk of being exposed to a cyberattack, there are simple guidelines you can follow:
- Stay up to date on the latest security information, because technology is constantly changing and new threats and risks keep emerging. Being up to date on the latest information also minimizes the risk of negligence.
- Be suspicious of unsolicited phone calls, visits or emails from people asking about employees or internal information. If a stranger tries to contact you and claims to be from a legitimate organization, try to verify their identity within the company.
- Report security incidents to the company you work for. This contributes to the statistical data used to follow up on how many security incidents the company is exposed to.