When an organization like the US Democratic National Committee (DNC) can fall victim to an email hacking scam, then virtually any business in the world is susceptible to cyber criminals.
Although the exact details of how the hack was carried out haven’t been released, the end result was a slew of private information making it out into the open. Indeed, according to the stats, WikiLeaks was able to publish 19,252 emails and 8,034 attachments detailing conversations between high-ranking members of the DNC.
Security experts believe that one of the techniques used by the hacker or hackers was spear phishing. Phishing is a social engineering attack that aims to gain a foothold in a user’s or company’s system by masquerading as a legitimate source. In general, a phishing attack can take the form of an instant message, a text message or, in the case of the spear phishing attack used against the DNC, an email.
Phishing Back in the Spotlight
By posing as a legitimate entity, the hacker is hoping to trick the victim into clicking on an infected link. Once this happens, a piece of malware is often installed on the victim’s system and the hacker is then able to use this to obtain sensitive data. While many of us will have seen a malicious email in the past, it’s likely the technique used against the DNC was more complex than your average attack, and that’s the issue here for businesses.
As cyber criminals become more proficient and advanced in their methodology, it’s becoming increasingly important to try and stay ahead of the game. One of the main ways to prevent phishing attacks and the loss of personal data is education. Alerting employees to the potential dangers out there so they can identify possible phishing attacks is crucial. However, as the DNC case has shown, a single slip can have potentially devastating consequences, which means other forms of protection also have to be used.
One such countermeasure is two-factor authentication (2FA), which asks users for an additional form of identification on top of their login credentials. Adding this extra layer of verification makes it tougher for hackers to gain access to the system, even after they have successfully compromised their target.
Millions in Losses
The DNC incident has not only brought the issue of phishing back to the fore, but it’s shown the devastating impact it can have on a company. While the DNC incident was more of a PR disaster than a financial blow, things are different in the business world – according to a recent study by the Ponemon Institute, phishing attacks cost companies $3.77 million per year.
While the DNC will do what all good political parties do and find a way to bounce back from this latest incident, it should certainly serve as a valuable lesson to all businesses out there. In an age where more and more information is being stored online, staying vigilant and using the right safeguards are crucial.