These phishing attacks will cost your company BIG time and BIG money.
New Age Phishing is all about the Data
The new-age hackers are catching companies off guard with data-driven phishing attempts. Based on the recent data breaches, I believe hackers are targeting the Young, Beautiful and Broke employees. Their intent is to quickly identify the people to social engineer and use sophisticated social engineering tactics to get your employees to bypass security constraints like two-factor authentication or biometric authentication. Basically, hackers are preying on your people's weaknesses and get access to whatever information they want. After analyzing the data from 6 companies that have been hacked in the last month, I started to understand that hackers are looking for young cash strapped people that need to impress others. This type of person is desirable to hackers because they can use financial pressure phishing tactics to get the employee to expose their company to a data breach. Here are the 6 most recent data breaches:
Sprint --- a mobile wireless carrier was hacked on July 16, 2019, were phone numbers, names, and other billing information was taken. The hackers can use vishing tactics to get your employees to verify information over the phone.
Flash Flash Revolution --- a Music-based Rhythm Gaming community were 85,000 accounts were hacked on July 21, 2019. This information can be used to find young and isolated people.
Capital One --- a banking and credit card company where 100 million accounts were hacked on July 30, 2019. This information can be used to find people with low bank balances and high credit card balances.
Pearson --- an education software company were over 100,000 student information was hacked on July 31, 2019. This information can be used to determine the age and education level.
StockX --- a marketplace for buying reselling sneakers and other clothing were over 6 million accounts were hacked on August 3, 2019. This information could be used by hackers to classify people by vanity and potential gambling habits.
PoshMark --- a market place for buying and reselling clothing were over 50 million accounts could have been hacked on August 1, 2019. The company is still evaluating the number of accounts. This information could be used to better understand behaviors around vanity.
Why does this matter?
All companies no matter the size should be aware of threat patterns that could show up in their company to proactively combat cyber attacks before they happen. The reactive approach to cyber threats can cause you to lose your reputation with your customer base and potentially lead to legal and criminal action depending on the type of data at risk. If your company has access to European data, under GDPR rules, a company can be fined up to four percent of its global annual revenue for violations. The cost of a data breach in the US is estimated at $7.9 million per breach. The 2018 Marriott data breach is estimated to cost the company $124 million in fines. This is a hefty price to pay for poor behavior that could have been avoided.
How to protect your Company?
Step 1: Quickly find the people that hackers prey on and assess how much they know about cybersecurity and phishing. Hacware is a great product that will automate this risk assessment and provide results in real-time.
Step 2: Cybercriminals are repeat offenders so If a risk has been exposed. Don't just patch it, fix the root of the problem. They will hack the same company again to see if the data breach was resolved. This is what happened to Flash Flash Revolution were a total of 1.9 Million accounts were hacked over 2 years and Sprint was hacked twice in 2019.
Step 3: Continuously, test and train your employees with spear-phishing to improve security training retention. The old fashion anti-phishing products are a waste of time and money. They teach you how to identify spam vs sophisticated spear-phishing attacks.
Step 4: Incentivize your team to learn more about cybersecurity and get them to apply it to their job.
Todays Hacker's want you to believe that their attacks are random and not related. The attacks are related and data is leading them to people that can access to the information they really wanted. Based on my research, this month's targets are the young, beautiful, and broke employees. The best way to protect your company from this threat is to provide an effective cybersecurity training program. Hacware can set up your company in 30 minutes with an easy way to identify risks, test, and train. Sign up now at https://hacware.com/pilot.html