Cybersecurity Alert: Humans Remain the Weakest Link in Cybersecurity Are you familiar with social engineering? It’s a criminal method of manipulating people, so they give up confidential information. The types of information being sought can vary. Still, when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information or accessing your computer to secretly install malicious software–that will give them access to your passwords and bank information and give them control over your computer. Is social engineering that effective? Ask an Uber or Rockstar Games employee that question, and you’ll likely hear a resounding yes. This effective mode of duping people within a targeted group or business was the method that one hacker used to hit both companies with a breach. Just how effective is it? In 2021, the FBI received 323,972 complaints of social engineering attacks. And there are many more that go unreported.
What Happened A teenage hacker known as TeaPot claimed ownership of these attacks. The Uber network was accessed by convincing an employee contractor that they were part of Uber IT and that their credentials were needed. They believe those credentials were first found and purchased on the Dark Web. From there, TeaPot tried to log in but was stopped by multi-factor authentication (MFA). TeaPot then contacted the employee through WhatsApp, a messaging platform. They then claimed to be from Uber IT, saying they needed the employee to approve the MFA request. With Rockstar Games, it was Slack messages that were breached. It is believed that access was acquired through manipulation there. Losses from a breach aren’t all the same. We often assume it comes in the form of stolen credentials. While this is often the case, in the Rockstar scenario, it was stolen intellectual property. Content from their upcoming game was released, which means a loss of revenue. Additionally, the hacker is threatening to release code that would give access to anyone wanting to create pirated versions of the game.
How to Prevent Social Engineering Humans are the access point, so it is through ongoing training that they must learn how to avoid succumbing to an attacker’s tactics. Enabling multi-factor authentication can assist with preventing access, but avoiding leaked credentials in the first place is critical. The Uber breach is a case in point.
Educating your workforce to recognize that they can be targeted through online platforms outside work systems is part of the process. Humans remain the weakest link in cybersecurity. Taking a multi-faceted approach can strengthen your human firewall and secure your business. Contact us today to learn about the resources we can provide for your success and safety!
Reynolds + Rowella is a regional accounting and consulting firm known for a team approach to financial problem solving. As Certified Public Accountants, our partners foster a personal touch with our clients. As members of DFK International/USA, an association of accountants and advisors, our professional network is international, yet many of our clients have known us for years through the local communities we serve. Our mission is to operate as a financial services firm of outstanding quality. Our efforts are directed at serving our clients in the most efficient and responsive manner possible, delivering services that exceed the expectations of those we serve. The firm has offices at 90 Grove St., Ridgefield, Conn., and 51 Locust Ave., New Canaan, Conn. For more information, please contact Elizabeth Bresnan at 203.438.0161 or email.