The list of high-profile companies attacked by cyber criminals is long and includes big names like Target, Sony, Citibank, Anthem, and Home Depot to name a few. Could these social engineering attacks have been prevented?

As part of Home Depot’s recent settlement, it agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach that affected more than 50 million cardholders, improve data security over a two-year period, and hire a chief information security officer to oversee its progress. The company said the intruder used a vendor’s login information to infiltrate its computer network and install malware to steal sensitive information.

Multi-million dollar losses are common these days. According to a 2015 study by the Ponemon Institute, cyber crimes cost the average U.S. company participating in the study approximately $15.4 million per year, with 62 percent experiencing recurrent phishing and other social engineering attacks.

Can Attacks be Prevented?

Having cyber security experts train employees can be extremely effective in keeping criminals out of a company’s ecosystem. For example, social engineering is a form of cybercrime that targets humans, not computers. Imagine a con man tricking you into handing over the keys to your home or office.

Social engineering uses the same type of manipulation – with hackers phishing for employees or vendors willing to relinquish their online passwords and login information. We’ve all gotten emails that appear to be from friends or colleagues, telling us to “Check This Out!” so we’ll open a video file with malware. Or messages that appear to be from IT departments, banks, or credit card companies asking us to “click here” to verify information. Once the malware enters a company’s ecosystem, cybercriminals have access to any information that they could want.

What’s at Stake?

Cybercrime is big business, and organized crime syndicates and state-affiliated actors are often the perpetrators. New social engineering schemes are created every day to keep the money flowing. And money isn’t the only thing victimized companies have to deal with:

  • Stolen Information
    Cybercriminals steal passwords, financial data, credentials, customer records, employee data, contact lists, and so on.
  • Damaged Reputation
    Not just high-profile companies take a hit when data theft occurs.
  • Lost customers
    E-commerce sites and mobile apps can be shut down for days or weeks during an attack, and some customers never return.
  • Lower productivity
    Employees dealing with the data breach won’t have time to do their regular work.

Are Companies Keeping Up with Threats?

While some companies employ cyber security professionals or outsource cyber security to experts, most companies still have a long way to go. According to a 2016 Ponemon Institute study, many IT departments struggle to prevent and detect malware and advanced threats. Only 39 percent of survey respondents rated their ability to detect a cyber attack as highly effective, and similarly, only 30 percent rated their ability to prevent cyber attacks as highly effective. With over 60 percent saying they struggle to detect and prevent cyber attacks, job prospects are excellent for cyber security professionals.

The Importance of Cyber Security Certification

It is far less expensive for companies to be proactive by hiring and providing ongoing training for cyber security professionals than it is to clean up the mess after a data breach. For example, cyber security experts can identify potential weaknesses and make sure browsers, software, operating systems, firewalls, email filters and anti-virus software are updated. They can also teach employees about new threats being unleashed daily including new phishing scams that make it through email filters or anti-virus software.

ONLC offers classes that lead to cyber security certifications for CompTIA Security+ and CASP, Microsoft MTA Security, Certified Ethical Hacker (CEH), CISSP and CyberSec security. Contact us today to find the best certification for your situation.

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>