
29 Mar

Why Getting Hacked Is a Security Advantage
We lock our doors, set the alarm, and install surveillance cameras for our homes and businesses, but when it comes to securing our digital landscape we “trust” that our firewalls will do the trick. We take the stance that it won’t happen to us. The truth is, it’s not if, but when.
With 90% of security breaches occurring through phishing emails, educating your employees is vital to securing your data. Testing your organization, and “hacking your employees” to assess the strength of your human firewall, is key. Our new Security Awareness & Training Program will do just that. Sometimes, getting “hacked” is the best way to find the vulnerabilities within your security landscape.
A Fortune 100 Company recently did just that and what they found was shocking.
Almost 60 percent of employees clicked the malicious link. The client, a chief information security officer (CISO) of a Fortune 100 company, asked, “So what?” During this assessment, the team discovered that only two of the 300 employees reported the phishing email. They managed to infiltrate some of the legal team’s email accounts, where it was discovered that the company was the target of a lawsuit that wasn’t yet public. If that lawsuit were to leak, it could significantly hurt the company’s reputation.
Additionally, by reusing some of the passwords they had compromised, the team was able to log in to multiple employee payroll accounts, where they had access to direct deposit information. A criminal attacker could have changed direct deposit account numbers to siphon funds from employee paychecks.
This additional information surprised the CISO and his team. In the end, they acknowledged that the evidence provided a lot more information about their security posture than they expected to receive from the assessment.
There seem to be a lot of misconceptions about the usefulness of security assessments and audits. A motivated attacker with enough resources can practically always make it into a network. Testing is one way to identify holes in your human firewall.
Call us today to assess your company’s security landscape and procedures.