Hackers increasingly using phishing emails to trick employees, cautions cybersecurity expert

It’s no secret cyber attacks are on the rise, but not all cyber attacks are created equal. Many cyber attacks are specifically targeted at employees who have access to sensitive company data, resources or money. During a keynote presentation at Arm TechCon, Cybersecurity Consultant Dr. Jessica Barker discussed how cyber criminals are leveraging social engineering to fool employees into breaking normal security protocols, and what we can do to better protect ourselves.

Barker began by noting the different types of hackers. There are hacktivists who are motivated by a political or ideological purpose. There are financially motivated hackers who hold a network or device ransom in exchange for a certain amount of money. There are insider hackers who misuse company assets or manipulate the system for personal gain. And then there are accidental insiders who are just trying to do their job but accidentally facilitate outside attacks. According to Barker, accidental insiders are the people social engineers like to prey on.

Barker noted a rise in spear phishing attacks (emails impersonating a CEO or supplier) aimed at certain people inside organizations. These emails are crafted to trick employees into providing a backdoor into a company’s network. “Someone will carry out some reconnaissance online to find out about a company, to find out about people working at a company, to get information about who might be valuable targets or might be easy targets, to get some information they can use to put into a spear phishing email to send to you.”

Barker said these sorts of socially engineered attacks are so effective because of how the human brain works. “We like to split people into two camps. We like to think that individuals are either rational or irrational. They are either Spock or Homer,” she said. “In reality, of course, is that all of us have brains that are two sides. All of us have brains that can be rational or irrational. All of us spend our day with a Homer and Spock in our brains, and they are battling it out all day as to who gets control.” What socially engineered attacks do is tap into the irrational side of our brains.

The countermeasure to these sorts of attacks is to empower people to be safer online, according to Barker. One way to do this is through better communication, especially with those who are not familiar with tech jargon. “We are all at a level of understanding about technology, about security, that we have forgotten what it’s like to not have that understanding, not to have that knowledge, not to have that language. So it’s really crucial for any of your communications about tech to speak at the level of the person you are talking with.”

The post Hackers manipulating employees with social engineering, warns cybersecurity consultant appeared first on RCR Wireless News.