Social engineering is a major security risk. Cybercriminals steal credentials from individuals via mobile phishing attacks and infiltrate company infrastructure. Using personal mobile devices for work creates a major gap in security visibility.
Security teams in companies are currently facing various challenges when it comes to threat monitoring. Sascha Spangenberg, Global MSSP Solutions Architect at Lookout, explains the recent changes in attacker behavior: In the past, attackers have attempted to gain access to the infrastructure directly through vulnerabilities or using brute force methods. While these attacks are still possible, the risk of being discovered before the attacker can penetrate is high.
Attacking individuals to steal credentials
Now attackers are targeting individuals who likely have access to large amounts of valuable cloud data. The attackers' goal is to steal these users' credentials via mobile phishing attacks in order to discreetly penetrate the company's infrastructure under the guise of a legitimate user.
This creates massive problems in threat monitoring because if an attacker uses stolen credentials, the threat appears to be coming from within. The modern attack chain means companies must change their tactics. Not only do you need to be able to protect against mobile phishing attacks on managed and unmanaged devices, but you also need to be able to detect anomalous data interactions by internal users.
Effective threat monitoring strategy
Today, there is a need for an effective threat monitoring strategy that can evolve with attackers' changing behaviors and tactics. As the modern attack chain has evolved, detecting anomalous behavior from known users is critical. If this activity can be detected, it could be an indication that this user's account has been compromised.
There are a number of ways to detect anomalous behavior, ranging from the location a user logs in from to the applications or data they access.
Employees today expect to be able to access data anywhere and from any device, whether via their personal smartphone or a company-owned notebook. Therefore, organizations cannot rely on policies that simply block access based on certain parameters. Threat detection and data access rules must be adaptive and take contextual factors into account to identify potentially at-risk users, devices, and actions that could put data at risk.
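The adaptive, context-aware evaluation described above can be sketched as follows. This is an added example, not Lookout's product logic or code from the original article; the event fields, application names, weights and thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed history: (user, login_country, device_is_managed, application)
HISTORY = [
    ("alice", "DE", True, "hr-portal"),
    ("alice", "DE", True, "mail"),
    ("alice", "DE", False, "mail"),
    ("bob", "US", True, "finance-reports"),
    ("bob", "US", True, "mail"),
]

# Hypothetical list of applications holding sensitive data.
SENSITIVE_APPS = frozenset({"hr-portal", "finance-reports"})


def build_baseline(events):
    """Record the login countries and applications each user has used before."""
    baseline = defaultdict(lambda: {"countries": set(), "apps": set()})
    for user, country, _managed, app in events:
        baseline[user]["countries"].add(country)
        baseline[user]["apps"].add(app)
    return baseline


def assess(event, baseline):
    """Score one access against the user's baseline; return (decision, reasons).

    Signals are combined instead of blocking on any single parameter, so a
    known user on a personal phone is challenged rather than locked out.
    """
    user, country, managed, app = event
    known = baseline.get(user)
    if known is None:
        return "step_up", ["no baseline for user"]
    score, reasons = 0, []
    if country not in known["countries"]:
        score += 2
        reasons.append(f"new login country {country}")
    if app not in known["apps"]:
        score += 1
        reasons.append(f"first access to {app}")
    if not managed and app in SENSITIVE_APPS:
        score += 2
        reasons.append("sensitive app from unmanaged device")
    # Assumed thresholds: 4+ deny, 2-3 require re-authentication, else allow.
    decision = "deny" if score >= 4 else "step_up" if score >= 2 else "allow"
    return decision, reasons
```
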
Social engineering causes the most problems
Various types of social engineering attacks are currently causing the most problems for security teams and therefore companies. The most critical are social engineering attacks that occur through mobile applications and platforms. Many companies allow employees to use personal mobile devices for work, creating a major gap in security visibility.
Attackers identify people likely to have access to sensitive infrastructure and then conduct social engineering through channels outside the purview of the company's security team. This can be done through a platform like LinkedIn, through social media applications, or simply by text message. Exploiting a mobile device for social engineering allows attackers to bypass company security measures, such as email filters, by targeting personal messaging accounts, while also reducing the likelihood of the user recognizing the phishing message.
Companies can take precautions to prevent attackers from using social engineering to break into their networks. It is crucial that companies build a culture of cybersecurity in all departments - beyond the IT department and the already sensitized security team. Training is an important part of this. By understanding that a modern attack can look like a well-organized social engineering campaign, companies can protect their employees from attackers.
Raising employee awareness is crucial
It's critical to communicate to employees the value of their credentials in the context of modern attacks. Sensitive data exists in all areas of the company: HR has access to a wealth of personal employee data, product management constantly logs into cloud applications that store sensitive intellectual property, and finance teams have access to company-wide performance data. A company cannot afford for any of this data to be compromised.
Companies across all industries must adopt a data-centric approach to security. This not only means protecting the data itself, but also being aware of all the ways attackers can exploit internal employees without their knowledge to gain access to sensitive applications and data in the first place.