In an age where data security defenses are getting more and more sophisticated, there will be increased pressure for malicious parties to glean information from within the organization's walls or public places.
Moving forward, we can expect to see a shift from hacking networks to a focus on hacking people. The tactics used to hack people are not highly sophisticated and can encompass relatively stealthy threat vectors, making them hard to trace. It seems simple, but it’s important not to overlook the low-tech threats in our high-tech world.
Here are three threats that all IT professionals should be aware of and take the necessary steps to mitigate:
Visual hacking, a low-tech method used to visually capture sensitive, confidential and private information for unauthorized use, is an under-addressed corporate risk. After all, a hacker often only needs one piece of valuable information to unlock a large-scale data breach.
Take this scenario: A malicious third party enters an office space under the guise of being with a vendor or as a building worker. The individual is given a building pass and is essentially free to roam the office. It is all too easy for this person to snap a photo of an employee's device screen as it is displaying access and login credentials. The malicious party has visually hacked the company and now has the ability to penetrate deep into the organization’s networks and launch a cyber attack.
Addressing this concern: Taking steps to shift workplace culture to value visual privacy is necessary to combat this emerging corporate risk. Policies and procedures should address visual hacking on devices and physical documents. Employee awareness and communication programs combined with ongoing education about visual hacking and other low-tech threats can also help.
Equip employees with tools such as privacy filters and the 3M ePrivacy Filter for visual privacy from virtually every angle as a part of a larger visual privacy toolkit.
Data loss as a result of employee behavior should be a major concern for IT professionals today. More and more examples of this pop up on a seemingly daily basis. One of the most recent incidents occurred at Sony Pictures, where hackers under the guise of GOP (Guardians of Peace) claim to have utilized insiders to gain access to the company, compromised records and threatened to hold company data for ransom unless demands were met.
Careless employees, particularly those who have access to company networks through BYOD or company-issued devices, can easily compromise company data or intellectual property and may be leaking data without even knowing it. A second category, disgruntled employees, can also pose a serious threat to proprietary company information. These employees may be lured by the potential of financial gain or have a spiteful agenda. As the hackers in the Sony Pictures incident claim, employees with similar interests to the hackers may also be persuaded to join their cause and assist with attacks from the inside.
Addressing this concern: In the case of the careless employee, lack of awareness and lack of diligence play large factors in data loss. IT professionals can help mitigate the risks by ensuring that corporate policies and procedures include language on professional conduct with company data and by increasing efforts to communicate these to employees. Take the extra step of ensuring that devices have remote wipe capabilities in the event that a phone or laptop falls into malicious hands. In the case of disgruntled employees, monitor for suspicious behaviors, particularly following a bad review or probationary period.