There is some good news. Businesses, it seems, are getting ever-so-slightly quicker at actually spotting breaches: the average time between compromise and discovery has apparently gone down from 146 to 99 days. But of course, this is still more than adequate time for hackers to access what they are looking for.
Those of us who have been involved in cyber security for decades are familiar with the ‘cat and mouse’ game described in the report. Cyber attackers continue to hone their tactics; they evolve and get smarter – and it’s the job of security teams to continue to keep up.
So what have criminals been up to over the last year? Well, you’ve heard of ‘state sponsored’ hacking. On the one hand, this report shows that many run of the mill hackers have boosted their skillset so they are now comparable with state-level actors.
But one new trend came as a particular surprise to the report’s authors: criminals getting on the phone to their targets to get the information they need to launch an attack. Hackers, it seems, are becoming more sophisticated with the help of some decidedly ‘old school’ con tricks.
1. The hacker realises that a generic-themed, unprompted email will most likely be picked up by the target company’s corporate email controls.
2. So the hacker does a little digging (via LinkedIn or the company’s website). He identifies a named individual and comes up with a credible ruse to make contact – such as a potential new supplier of office materials – or even a new client enquiry.
STAY IN THE LOOP
Subscribe to our free newsletter.
We hear about high-profile breaches almost every week in the news, but what actions are organizations taking to keep these breaches from happening? Implementing new solutions is great and new tools are always helpful, but it’s the bad habits formed by your team that can really hurt you. Here are 4 bad cyber-security habits to […]