As social engineering techniques evolve, hackers no longer need a high level of technical skill to get vital information. A new report from Nuix reveals that 81 percent of hackers interviewed said they could identify and exfiltrate victims’ data inside 12 hours, with 69 percent saying security teams almost never catch them in the act.
The report adds that 9 percent of hackers have never even encountered a system that they couldn’t break into. While some hackers are using sophisticated malware and exploiting zero-day vulnerabilities, the vast majority of them are using social engineering, a tactic in which hackers trick victims into willingly carrying out an action by making them think they are doing something else.
Forming an Attack Strategy
Eighty-four percent of respondents said they were using social engineering as part of their attack strategy, with the most common form being phishing emails crafted to look like they’re coming from one source, when in fact they’re being sent by the hacker.
These emails typically contain a malicious link or attachment that, when clicked or downloaded, secretly installs malware on the user’s system and gives hackers unfettered access to information. Now, with the advent of the mobile workforce and the prevalence of smartphones, hackers are targeting mobile devices and PCs to siphon off everything from personal messages to banking details and access to social media accounts.
No Recovery Strategy Needed
According to the Nuix report, 100 percent of hackers, testers and forensics experts say once your data is gone, it’s gone. For anyone who has ever had their data compromised, this is a worrying statistic, and — given the size of many breaches reported recently — a sizable amount of data from these attacks is no longer recoverable.
One of the keys to fixing the problem and stemming the effectiveness of social engineering is education. Fifty-two percent of the people responding to the Nuix survey said employee education is “extremely important.” As enterprises have increasingly mobile workforces, it’s vital that mobile security becomes a central part of their overall security strategy, including the use of specialized technology that has security built into devices from the hardware to the application level.