Security Knowledge: How Hackers Steal Your Employee Data

August 13, 20191:28 pm
Generic placeholder image

Being secure has become a top priority of a boardroom agenda for companies. Especially for small business owners, cyberattack is seen to be targeting you more. The statistic showed that more than 40 percent of cybercriminals are targeting small business, with 60 percent of the victims said they go out of business within six months of a cyberattack. But the possibility of hacking bigger companies are also unquestionably high because afterall, no organisation can be totally secure.

An established aerospace industry, Airbus, for example, has been attacked by hackers who try to steal their employee data. The press release as quoted by Security Boulevard revealed that while the incident was not specifically impacted commercial operations and customers data, the ongoing investigation found that some personal data was accessed. The data accessed are mostly professional contact and IT identification details of some Airbus employees in Europe.

See also: Mulling on Cybersecurity in the Digital Age: Thoughts from V-Key Co-founder Benjamin Mah and Tony Chew

Another prominent organisation, NASA also fears that hackers might have stolen their employee data. As reported by Tomáš Foltýn last year, NASA cybersecurity personnel notified that their employee personal data might have been ex-filtered in a suspected security incident. NASA is indeed a no-stranger to security incidents, wrote Foltýn. Since 2001, NASA has already been familiarised with various attacks in their systems.

Therefore, security, be it in small or big enterprises, is a pivotal system for a company. In addition, having top cyber talent is beneficial in creating a robust security system. Other than that, awareness from the whole organisation members should also be enacted as the team should understand how hackers steal data. By having knowledge or understanding how hackers work, there is a good chance that not only you but the whole organisation will be a lot safer. So, here we go, three common strategies hackers use to steal your business data.

1. Social engineering attacks

This commonly becomes a favourite strategy because hackers do not need to break your detailed security system. Instead, they can make use of your employees’ social media to steal the whole organisation data system.

This incident happened to WHMCS Corporation. As their database administrator loved using social media, a group of UG Nazi successfully used his social media to create a document on him that included everything from his kids’ names and his anniversary – from professional to personal lives. The hackers then impersonate this guy calling the company to reset a forgotten password. Because hackers have all the data of WHMCS administrator employee, the organisation put trust in him. Resetting the password, UG Nazi downloaded 1.1 gigabytes of credit card numbers and erased all of their databases in no time.

2. Phishing attacks

Phishing attacks are becoming a preferred practice of criminals as it employs a diverse technique. This practice is utilising users in your network. The users will receive communications like emails or page directions which are designed to look like a trusted organisation. This is a trick method that direct users into giving up sensitive information like credit card details or social security numbers.

First, hackers create falsified login pages that look like banking institutions or other trusted organisations. Then, when users input their password into one of these false login systems, other accounts become vulnerable due to the tendency to reuse a password. This is, however, a simple trick that can detrimental not only individuals but your organisation.

Usman Rahim as interviewed by CPO Magazine commented that these attacks can be worrisome as threat actors might find more than 100 ways to escape detection by checking for known anti-malware. This is a cat and mouse game between security providers and threat actors that continues unabated, added Rahim.

3. Guessing attacks

The guessing game is a simple yet difficult practice. It is simple because attackers only need to guess through hints that your employees provided through their social media or uncovered deck. It is also difficult because general security system now uses two-factor authentication that makes it hard for cybercrime to steal your data. Additionally, touch ID and facial recognition are also smart protection that slow down attackers’ attempt to steal your data. But there is no guarantee that all these robust securities are really secure so changing your password from time-to-time is recommended.

Read also: The Importance of Cyber-Security in Cyber-Workplace: Conversation with Parvinder Walia