Here is a clue – social engineering.
I am often asked this by clients, especially those who I am suggesting need to up their cyber security game. Here is a very good article by the cyber security expert Brian Krebs looking in detail at the recent high profile data breaches at GoDaddy:
When Low-Tech Hacks Cause High-Impact Breaches – Krebs on Security
The bottom line was that the breaches were enabled by the lowest tech cyber attacks – phoning employees and convincing them with a simple believable story that they needed to go to a malicious web site and provide their secure credentials!
And just to convince you that this type of attack is very common – there was an article by Xavier Mertens about it – with examples – on SANS Internet Storm Diary yesterday:
Phishing Again and Again – SANS Internet Storm Centre
Staff cyber security training is essential for all organisations – large or small. This article explains the various ways we deliver this type of training:
Once I have done today’s news and before heading out to my meeting, I will be tweaking the content of my Cyber Security Awareness course for one of our regular clients, who get me back every year to talk to their team about the current risks and threats.
Do you have cyber security awareness training in place?
Clive Catton MSc (Cyber Security) – by-line and other articles
Please Note:
I am on the road and away from the office, so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.