Reducing your business's risk of becoming a victim of cyber crime is vital to its future success. Obviously, cyber threats can have a devastating financial impact through downtime, reproducing lost data and replacing equipment. However, they also come with less visible costs, in particular reputational damage.
The problem is that cyber crime comes in many forms and guises, and it's often difficult to understand exactly what you need to do to reduce your risk. As with any challenge of this size and complexity, it's best to break it down into manageable pieces.
One such area to look at is your Very Attacked People. These are individuals within your organisation who are at most risk of being targeted by an attacker. They are often, but not limited to, people who have access to financial information or privileged network access. More often than not, they are people whom an attacker has identified as susceptible to their techniques.
There are two things to clear up right here:
1. Whilst it's easy to imagine that these people are at the top of your organisation, they are not always, and these days often aren't, and
2. They are being attacked by the same perpetrator, over and over again (they might be attacked from multiple sources as well, but it's the repetition from a single source that interests us).
How does it work?
Attacks have become seriously sophisticated. Take email attacks: what was once a scattergun approach of sending mass emails to hundreds or thousands of inboxes has changed. Attackers now focus on the people they know to be receptive to their methods and repeatedly phish them in unique ways until the recipient bites. This is a very attacked person.
So, who are these people?
People in commercial positions, purchasing, communication, and sales top the list. However, the route in is often through a shared, generic inbox: info@, sales@, comms@, accounts@ and pr@. These mailboxes often have wide distribution lists, so the attacker has more chances that someone will take the bait. Once that's happened, the attacker can home in on a single person.
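One way a defender could surface very attacked people from mail-filter data, using the definition above (repeated attempts from a single source) and the note about shared inboxes. This is an added example, not code from the original article; the event format, domains, addresses and the threshold of three attempts are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Generic inbox names listed in the article.
SHARED_LOCAL_PARTS = {"info", "sales", "comms", "accounts", "pr"}

# Constructed sample: (day, sending domain, recipient) for each message
# the mail filter classified as phishing. Not real data.
EVENTS = [
    (date(2024, 3, 1), "invoice-portal.example", "accounts@corp.example"),
    (date(2024, 3, 2), "invoice-portal.example", "accounts@corp.example"),
    (date(2024, 3, 4), "invoice-portal.example", "j.doe@corp.example"),
    (date(2024, 3, 5), "invoice-portal.example", "j.doe@corp.example"),
    (date(2024, 3, 7), "invoice-portal.example", "j.doe@corp.example"),
    (date(2024, 3, 3), "parcel-notice.example", "ceo@corp.example"),
    (date(2024, 3, 6), "docs-share.example", "ceo@corp.example"),
    (date(2024, 3, 8), "bulk-offers.example", "ceo@corp.example"),
]

def is_shared(address):
    """True for generic inboxes such as info@ or accounts@."""
    return address.split("@", 1)[0].lower() in SHARED_LOCAL_PARTS

def very_attacked(events, min_repeats=3):
    """Flag recipients hit at least min_repeats times by ONE source."""
    hits = defaultdict(list)   # (recipient, source) -> days seen
    shared_first_seen = {}     # source -> first day it hit a shared inbox
    for day, source, rcpt in events:
        hits[(rcpt, source)].append(day)
        if is_shared(rcpt):
            prev = shared_first_seen.get(source, day)
            shared_first_seen[source] = min(day, prev)
    findings = []
    for (rcpt, source), days in hits.items():
        if len(days) < min_repeats:
            continue  # many sources hitting once each is not the pattern
        first_shared = shared_first_seen.get(source)
        findings.append({
            "recipient": rcpt, "source": source, "attempts": len(days),
            "shared_mailbox": is_shared(rcpt),
            # Same source probed a generic inbox before this individual.
            "followed_shared_inbox": not is_shared(rcpt)
                and first_shared is not None and first_shared < min(days),
        })
    return sorted(findings, key=lambda f: f["attempts"], reverse=True)

if __name__ == "__main__":
    for finding in very_attacked(EVENTS):
        print(finding)
```

In the sample, ceo@ receives three messages but from three different sources, so only j.doe@ is flagged, and the flag notes that the same source tried accounts@ first.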
How do you protect yourself?
Technological barriers are your first line of defence: mail filtering, firewalls and antivirus. But your last and best defence is your people. Train them to spot phishing attacks and take action when they do. Use phishing simulation software to educate your team about how to identify risky emails. This hardens your defences and allows you to find those in your business who are most likely to put your data, finances and safety at risk.
Talk to us so we can help you with tailored Cybersecurity Awareness Training.