Technology companies have consistently been the target of cyber criminals in recent times. Uber recently announced that they have been hacked through social engineering and they haven’t been the only victims of this act. More and more technology companies are sprouting up and storing information on the virtual cloud making them an easy target for cyber attackers.
In this article, we will explore who cyber attackers are, why social engineering is a favoured mode of attack, and how technology companies can prevent these attacks.
Who are cyber attackers and why social engineering
An attempt to gain unauthorized access to a computer, computing, or operating system with the intent to cause damage is called a cyberattack. Hackers, who are the perpetrators of cyber attacks, use several strategies to execute malicious attacks, one of which is social engineering.
Social engineering is a broad term used to refer to malicious activities perpetrated by cyber attackers to psychologically manipulate victims in a manner that is reliant on human error rather than lapses in software security. This malicious activity doesn’t happen in one interaction, rather it happens in a sequence and attackers use a combination of different techniques.
The success of a social engineering attack is completely hinged on human vulnerabilities rather than a malware-based intrusion, hence, it is more difficult for companies to protect themselves.
Typically, an attack would start with the hacker identifying their target and gathering relevant information about them such as position in the company, and personal information. Then the hacker will make contact and, armed with information about their victim, capitalize on natural human emotions like fear, anger, or curiosity. Over time, if the individual is not sensitive to what is happening, the hacker, after gaining trust, executes the attack which might be divesting company security protocols from their victim or using the victim’s device to access the company database. Once the attack has been carried out, the hacker subtly brings the interaction to a natural end and retreats.
How can technology companies prevent these attacks?
Don’t be the curious cat
If you are familiar with the idiom “curiosity killed the cat” then you might find this tip self-explanatory. If you receive funny messages from someone who claims to have sensitive information about something you have no business with, such as personal information about a boss or colleague, refrain from letting your curiosity get the best of you. Always ensure you are minding your business and if necessary reach out directly to your co-workers if you need certain information.
Train employees to easily identify social engineering attacks
Considering that social engineering preys on human vulnerabilities, companies must train their employees to be able to identify these types of attacks right from the first point of entry.
Be wary of tempting compensation
A hacker might offer you a better salary or a better job just to gain access to you. Thanks to social media platforms like LinkedIn and Google, it is relatively easy to ascertain a person’s identity. Ensure to always research a company or an individual before taking any intended action.
Use social media consciously
Remember everyone has access to the internet and can easily search for your profile to gather information about you and your activities. You must remember this as you tweet, as you post, so as not to give away too much personal information that could be capitalised on by malicious attackers.
Technology companies can protect themselves if they focus on equipping their employees with relevant information so they can easily identify a socially engineered attack from the first stage.
