23 Sep Could “Quiet Quitting” Help Keep Your Organization’s Data Safer?
The last 3 years have generated more new workplace terms than any similar period in recent memory. From shutdowns to Zoom meetings to remote and hybrid work, we’ve seen trends like the Great Resignation and now “quiet quitting” emerge.
It’s a tough market out there for acquiring and retaining talent, but what if “quiet quitting” had an upside you hadn’t considered?
Is it possible that this new workplace phenomenon could keep your data safer?
Social Engineering is One of the Most Effective Forms of Cyber Attack
Most of us think of cyber criminals as shadow figures who use specialized technical knowledge to steal valuable data and cause untold headaches and expensive security breaches for large and small companies alike.
But “social engineers” are just as malicious as their tech-savvy counterparts.
These nefarious threat actors rely on their ability to exploit human psychology to trick well-meaning employees into handing over sensitive information.
These days, most networks have at least some form of defense – like firewalls and other redundancies – built in to keep data safe.
This means that your employees can be the weakest link in your organization’s security posture.
All it takes is convincing an eager employee to “go above and beyond” and you can expose yourself to a debilitating cyber attack.
What Are Some of the Most Common Social Engineering Attacks?
Because social engineering attacks are so effective, threat actors will continue to use them to gain access to sensitive data. In fact, cybercriminals were able to steal nearly $7 billion in 2021 through successful social engineering attacks.
While there are many different types of social engineering attacks, the ones that are most common are the ones that continue to work:
This style of attack exploits the vulnerability of the weakest link in your company’s security chain: the user. Typically delivered via email, a classic phishing attack creates a sense of false urgency in the recipient in the hopes that they fail to verify the sending address, overlook errors in grammar or spelling, and ultimately click the malicious link embedded in the message.
While general phishing is a broad attack, spear phishing goes after a very specific group of users, like those operating your HR or billing department. Because these employees are usually more guarded and sophisticated, the emails they receive from social engineers are also more sophisticated. Usually, higher-value targets in an organization receive emails that blend into “ordinary course of business” type correspondence.
Whaling, as the name suggests, targets the C-suite or others who are high up in the organization’s chain of command. These attacks can also be attempts to impersonate executives to get login credentials or to initiate a bogus vendor payout.
In a pretexting attack, the threat actor uses a series of lies to gain a foothold of false trust with the victim. The scam typically relies on the perpetrator needing to get a piece of sensitive information – like login credentials – in order to perform an important task.
The rapport is built by pretending to be a co-worker or other trustworthy person. The attacker asks questions designed to capture personal information that is then used in the perpetration of the crime.
In this method of penetration, the threat actor bombards a user’s computer with very authentic looking pop-up banners that encourage users to download tools or other programs to protect their web-browser based activities.
The perpetrator then uses this malware to access a formerly secure network. This “deception software” can also be delivered via email.
There are other social engineering attacks that attempt to gain access to your onsite server rooms as well. These attacks are often referred to as “tailgating” because they rely on following an employee into a secure area. Some attackers will also pose as legitimate vendors – like HVAC or general contractors – to gain access.
How Can You Protect Your Data From Social Engineering Attacks?
It would certainly be nice if the silver lining of “quiet quitting” meant that your data was suddenly more secure, but unfortunately, shifting attitudes toward work don’t mean there has been a significant change in human behavior.
Ongoing training is a critical component of data security for any organization. Developing protocols and company rules about downloading software from unknown sources should be understood and enforced.
Making sure your employees are alert and on guard when they receive email attachments or pop-up warnings, or when they see people on the premises who don’t belong, can help to limit your exposure to these types of cybercrimes.
While no firewall or security protocol can promise 100% protection, having the right cloud-based solutions can help combat cyberattacks.
At CyberlinkASP, data protection, security, and compliance are our top priorities. We can help you migrate to the cloud to improve your security posture while reducing your overall IT costs.
Let’s talk today about how to reduce your vulnerabilities to cyber crime.