Technology evolves and new threats arise, but we’re pretty good at developing technology capable of fighting back against malicious innovations. However, human evolution can’t keep pace with technological change. With that in mind, we’re all pretty vulnerable in cyberspace, and the more valuable the data you have access to, the more likely you are to be a target for attackers. That’s especially the case with corporate executives and VIPs.
How do cybercriminals work?
Cybercrime is a lucrative business and as with any other business, the goal is to achieve the biggest ROI from all kinds of investments. Time is the currency and criminals always seek the fastest way in. That often happens to be a human mind not prepared for the social and technical tricks cybercriminals use.
You can isolate your computer system. You can put software components in separate sandboxes and put an anomaly detection system on each and every small part of it. You can’t sandbox human emotions. The only line of defense is awareness of the risks that arise on the link between technology and its operators. Our goal is to increase cyber awareness for executives and VIPs. We want to educate them on how they can be abused by malicious hackers and which tools will be used to ruin their reputation, professional and personal life.
It has become very easy for criminals to find information about individuals as well as about whole companies. They will surely know about their stakeholders, customers and internal processes. We all use the Internet on a daily basis. We also tend to do it without thinking of how our footsteps can be connected and used in attacks against us. One of the goals of our training sessions is to help executives understand the big picture when it comes to the data they leave behind, as well as the data disclosed by their organisations.
Phishing and social engineering – hacker’s toolbox.
Even though you can be investing enormous amounts of money in the technology meant to secure your organisation, all you might be getting as the ROI is a false sense of security.
What about the exposure created by executives or an IT team with a habit of discussing internal company dynamics and confidential subjects in a cafe next to your company’s headquarters?
It doesn’t matter what type of antivirus an executive is running on their laptop. Most of them – if uneducated – will always click through all warnings if they receive an email claiming their spouse had an affair and the proof is contained in an attached .zip archive. There was no proof of an affair; they just fell for a sophisticated social engineering attack meant to infect the computer with malicious software enabling remote access to critical data stored on the executive’s computer.
Why are VIPs perfect targets for a cyberattack?
Hackers are smart. Malicious hackers are smart and also driven by financial incentives. It makes them go the extra mile while preparing to attack a targeted company. If an attacker wants to target the soft side of a tough executive, they’ll do solid OSINT (Open Source Intelligence) research on the executive, their relatives and acquaintances. They’ll find out that the spouse of the executive went on a trip within specific dates and visited specific places. They’ll spend days researching the dynamics in the social circle of an executive. They know it’ll increase the odds of their campaign becoming a success story.
With a wealth of background data, they’re capable of writing a story that appears legitimate. Its authenticity is based on the volume of facts and insights they have collected. Such a targeted attack will trigger an executive to become emotional or cognitively curious. It doesn’t matter how much we trust our closest ones or how sure we are that nothing bad happened. We’re still curious, maybe not even about the affair itself but about who wanted to spread such rumors, how and why. Regardless of the motivation behind it, an executive clicking through the links and downloading attachments means one thing: mission accomplished for the attacker, who couldn’t care less about how it all came to be. The only thing that matters is that he gained access to the critical infrastructure of a targeted company.
How to increase cyber awareness and keep your data safe as an executive?
It’s cognitively hard to comprehend all attack vectors and all the tricks criminals use while targeting VIPs with their hacking campaigns. That’s why we aim for our training to be as practical as possible, increasing cyber awareness for executives. We want them to know which elements of their nature, in the context of their professional and personal lives, can be targeted by attackers. Thanks to such a level of awareness, executives can constantly run their lives in a cyber-audit mode, with an alert triggering when they notice anyone touching on the sensitive points we’ve discussed during our training sessions. We don’t want executives to stay silent on the web, avoid using electronic devices or stop using email because it would make them paranoid. Rather, we focus on ensuring that whatever they do, they do it as safely as possible.
Contextual education is one of the most important aspects of cybersecurity resilience. It enables prevention, speeds up detection and makes response less chaotic. And as corporate culture starts from the top, security awareness must start at the executive level and then go deep into the corporate structure.