Top 5 Social Engineering Scams

At the root of most ransomware attacks is social engineering, a tactic hackers use to manipulate a person or persons into giving up access to company systems and confidential information. Social engineering plays on the human tendency to trust. For cybercriminals, it is an easy way to gain access to a private company system. After all, why would they spend so much time trying to guess someone’s password when they can simply ask for it?

Here are the 5 most common types of cyberthreats

Social engineering strategies

  1. Phishing

The leading tactic used by modern ransomware hackers, usually delivered via email, chat, web ad, or a website designed to impersonate a real system and organization. It is usually crafted to convey a sense of urgency and importance. The message within these emails often appears to be from the government or a large organization and can include logos and branding.

 

  2. Baiting

Similar to phishing, baiting involves offering something that attracts the end-user in exchange for confidential information. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a flash drive labeled “Executive Salary Summary Q3 2016” left on a desk for a user to find. Once the bait is taken, the malicious software is delivered directly to the victim’s computer.

 

  3. Quid Pro Quo

Similar to baiting, quid pro quo involves an exchange of private data, but for a service. For example, an employee may receive a call from a hacker claiming to be a technology specialist who offers free IT assistance in exchange for login credentials.

 

  4. Pretexting

Pretexting is when a criminal creates a false sense of trust between themselves and the end-user by pretending to be a coworker or someone with authority in the company in order to gain access to confidential information. For example, a hacker could send an email or chat message posing as the head of IT Support who requires private data to comply with a business audit (which is not real).

 

  5. Tailgating

Tailgating is when an unauthorized person physically follows an employee into a restricted company area or system. The most common example of this is when a hacker calls out to an employee to hold the door open for them because they forgot their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the hacker can quickly steal data or install malicious software.

How to keep yourself protected against these threats?

Start with anti-virus software. Antivirus, as its name implies, is designed to detect, block, and remove viruses and malware. Modern anti-virus software can protect against malware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, and spyware. Some products are designed to detect other threats, such as malicious URLs, phishing scams, social engineering strategies, identity theft, and DDoS. A network firewall is also important. Firewalls work by monitoring outgoing and inbound network traffic based on a configurable set of rules, separating your secure internal network from the Internet, which is not considered secure. Firewalls are typically deployed as appliances on your network and, in many cases, offer additional functionality, such as a virtual private network (VPN) for remote employees.

 
