SPECIAL REPORT | Cyber Security M


ost people’s idea of a hacker – the one peddled in films and television shows – is a lone, hooded figure in a dark room, furiously typing green text on a black shell screen for hours


on end until he breaches his target and jumps up in celebration. In reality, cyber criminals look just like anyone else, and can be extremely clever, creative and even charming in the methods they use to get into your business. In many cases, this will mean stepping away from the screen and approaching their victims directly. Social engineers use any means at their disposal to


fool their targets, and your employees should be aware of what to look out for to foil their most common tricks. If they aren’t, it could cost your company millions of pounds – or worse. You might be surprised by how much information about your company is available online. The official website, files indexed by search engines and social media posts tagged at the office could all give away clues about weaknesses to use for in-person attacks. Also think about job adverts – particularly in security


and IT. If the description includes a list of technologies and systems that applicants must be able to use, it could give hackers a good idea of what they are likely to come up against when they attack. Make sure only essential information is available on the company website, and try not to name check sensitive technologies (for example, firewalls and anti- virus packages) in job adverts to avoid showing your hand to anyone who knows how to use Google. We all know that we need to look out for scams in our email inboxes, but while large-scale, one-size- fits-all campaigns can be easy to spot (think odd formatting, spelling errors, broken English, etc.), targeted attacks can be extremely convincing. If you receive an email from the CEO asking for a


UNDER ATTACK FROM ALL ANGLES


Cyber criminals don’t just hack networks – they are also experts at manipulating human behaviour


through social engineering BY MATT SMITH IMAGE SERGEY NIVENS


dofonline.co.uk


payment to be made, or a message from the IT team telling you to log into a new online service with your existing credentials, be aware that it could be a well- craſted attempt to steal money or your password. While you can’t outright reject every request that arrives in your inbox – you have to get some work done, aſter all – a follow-up call or a trip down the corridor for a face-to-face conversation can help to confirm that the sender is who they claim to be. Here’s where things get really interesting. While you


can confirm the identity of the CEO, how do you verify whether the contractor at front reception should be given access to the office? It is this kind of confusion that expert social engineers are quick to take advantage of. Even just a realistic-looking name badge and a high-


vis jacket can be enough to convince reception to give an attacker access to your building. Once they’re in, they can do anything from stealing devices to installing keyloggers that send your login details back to them. The best in the business know exactly how to take


advantage of human nature – by following someone to a keycard-controlled door awkwardly holding R


DIRECTOR OF FINANCE 13


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52