Why Core Data Security Doesn’t Stop the Hackers
Hackers are a growing concern for companies of all sizes. There was a ransomware attack once every 40 seconds in 2017, and that figure is expected to be once every 14 seconds by 2019. Because of this, businesses are putting more and more resources into their cybersecurity. This is by no means a bad thing. It can, however, turn into a bad thing if a company over-invests in its core data security and expects to be completely untouchable by cyber criminals because of it. It’s a common misconception that having the best firewall and all the updated patches is enough to keep you safe. This is an inaccurate and dangerous line of thinking. Contrary to what most people would think, a lack of firewalls is not the most common reason for a security breach. Instead, it is often users and employees making mistakes that give competent hackers access to sensitive data.
An example of user error resulting in a hack is the Verne Harnish hack from 2016. Verne is the founder of Entrepreneurs Organization and Gazelles, Inc, a strategic planning and executive education company. Verne had a sum of roughly $400k taken from the Gazelles bank account despite having protections in place to prevent an attack (the bank even contacted Mr. Harnish’s assistant to notify her that something seemed suspicious). So why was this hack successful? The assistant fell victim to a clever phishing attack, where the criminals pretended to be Verne and told the assistant to wire money to three separate places. The hackers mimicked the writing style and signature of Mr. Harnish, making it difficult to recognize that it was a fake request. The hackers were even able to intercept and send a fake response to the assistant when she tried to contact Verne for confirmation that the requests were real. After the fact, Verne stated that the two failures causing this hack were “not thinking it could happen to [him]” and “falling out of some of the critical daily and weekly routines with [his] team, especially when traveling.”
The Verne Harnish attack could have been prevented if his assistant had been able to recognize the attack or had at least gone through some sort of protocol to make sure the request was real. For example, the bank told the assistant to call her boss to verify the money wire, and she emailed instead. Little things like that can be the difference between getting hacked and preventing a hack. I’m not blaming the assistant; the blame doesn’t fall entirely on her. She, and the rest of the staff, needed to be properly trained on how to recognize an attack and deflect it. Proper training has to be continuous, so that users stay up to date on what to be on the lookout for and how to handle different situations that potentially involve a malicious attack. Phishing training should also be a priority. Test your employees with simulated phishing attacks to see how they handle them, or have an IT company like Groff NetWorks do a simulation for you. It’s better to fall for a fake phishing email than a real one. As for actual employee training, Groff NetWorks can help with this as well. We can help your company with user training that prepares your employees for any attacks they might face. You can learn more about this on our website or contact us about it at (518) 320-8906.
The moral of the story is this: you can’t spend all your money and time on just the core data security of your company. It is still a piece of the puzzle, but it’s not as big a piece as you might think it is. Instead, a good amount of your time and effort should be focused on your users and educating them on how to be smart about what to click and what not to click. That is where the hackers will try to breach your company, so that is where you must build your walls the strongest.