
Surprisingly, cybercrime isn’t just about breaking into computers; it’s about breaking into our minds. Did you know that a staggering 84% to 98% of hackers exploit psychological weaknesses instead of computer code? So, how can we protect your business systems in a world where our greatest asset, our brain, is constantly under attack?

I help retail businesses in the greater DC area that are challenged with unreliable business systems to improve their reliability and security to ensure their businesses survive!

Want to discuss your situation? No obligation! [email protected]

Welcome to the Cyber Age

As we shift from physical to digital spaces, opportunities for work, connection, and communication are growing exponentially. But guess what? So is the risk of cybercrime. And with each online action, we leave behind a digital footprint, making your business systems vulnerable to those with malicious intent.

The Real Hack: Social Engineering

Forget about hacking computer code; cybercriminals are more interested in hacking our brains! They use “social engineering” to exploit our psychological vulnerabilities and gain access to your business systems and your customers’ sensitive information.

Two Common Social Engineering Techniques

Category 1: Phishing

Phishing occurs when a malicious individual poses as a trusted entity to acquire information. This method usually involves using publicly accessible data and mass communication to target many people. For instance, cybercriminals may send emails pretending to be banks or utility companies. These emails resemble genuine communications but aim to obtain personal details such as passwords and account information by directing recipients to a fake, yet authentic-looking, website. While spam filters catch many phishing messages, a significant number still reach inboxes.

Phishing attempts often have common characteristics: they may threaten you by stating that your software is outdated, or your warranty is about to expire; they might offer an incentive like a gift card or monetary windfall; and they usually have a clear call to action, asking you to click a link or open an attachment. Doing so introduces malware to your device, compromising your personal computer.

Category 2: Spear Phishing

Spear phishing is a more insidious type of attack, specifically targeting individuals using personal information obtained from sources like social media or public online profiles. An attacker might pretend to be from another department or external organization to obtain information from a targeted person or group within a company. It’s becoming increasingly common for scammers to impersonate individuals in leadership positions, pressuring victims to complete an online task.

Attackers may also use publicly available information to acquire more information. For instance, if your family is attending an out-of-town event, a scammer may pose as a local sports association representative to confirm your house will be vacant during specific days. Alternatively, they may try to collect sensitive data from company employees for malicious purposes or to gain deeper access to the organization’s business systems.

These are not hacks targeting your business systems, but rather, attempts to gather more information through psychological and social tactics.

Stay vigilant when unfamiliar individuals or agencies contact you with improbable offers or warnings related to your finances or business. These messages may seem plausible initially, but further examination can reveal suspicious elements. If you’re asked to click a link or open an attachment, exercise caution. Always verify the sender’s email or web address, as these may appear genuine at first but have strange prefixes or suffixes. If anything seems illegitimate, do not proceed, and avoid clicking any links. Consult a colleague or IT professional in your organization if you’re uncertain.
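The sender and link check described above can be automated on the defender's side. The sketch below is an added example, not part of the original article: it ignores the display name, extracts the real host from an address or link, and flags hosts that wrap a trusted name in an extra prefix or suffix. The allow-list, domain names and function names are all constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: the domains this (hypothetical) business really uses.
TRUSTED = {"examplebank.example", "cityutility.example"}

def host_of(value):
    """Extract the lowercase host from a URL or a From-style address."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        # parseaddr drops the display name, which the sender controls freely.
        host = parseaddr(value)[1].rpartition("@")[2]
    return host.lower().rstrip(".")

def classify(value):
    """Return 'trusted', 'lookalike' or 'unknown' for an address or link."""
    host = host_of(value)
    # Trusted only if the host IS a listed domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # A trusted name wrapped in an extra prefix or suffix is the warning sign.
    if any(d.split(".")[0] in host for d in TRUSTED):
        return "lookalike"
    return "unknown"

def review(sender, links):
    """Map every non-trusted sender or link in a message to its verdict."""
    verdicts = {item: classify(item) for item in [sender, *links]}
    return {k: v for k, v in verdicts.items() if v != "trusted"}

# Constructed sample message, not taken from a real campaign.
SENDER = "Example Bank <billing@secure-examplebank.test>"
LINKS = [
    "https://examplebank.example.login-check.test/reset",
    "https://mail.examplebank.example/help",
]

if __name__ == "__main__":
    for item, verdict in review(SENDER, LINKS).items():
        print(f"{verdict:9} {item}")
```

The comparison is anchored to the end of the host name because a trusted domain placed at the start of a longer host proves nothing about who owns it.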

Why Do We Fall for These Tricks?

It’s not because we’re gullible; it’s because cybercriminals exploit our cognitive biases and social norms. They use strategies like authority, liking, conformity, commitment, reciprocity, scarcity, reward, and loss to manipulate us. So, what can we do to protect ourselves?

Building Brain Capital to Fight Cybercrime

Take action to protect your business systems and your team from cybercriminals who prey on cognitive biases. Start by having company leaders prioritize brain capital, making mental health care accessible and valuable for employees. Remember, the line between personal and professional life is often blurred, so safeguarding both aspects is crucial. To enhance security, ensure insurance covers mental health professional visits, provide time off for mental health crises, and promote open communication about mental health in the workplace. Leaders should lead by example, sharing their own experiences and encouraging a supportive dialogue around mental health.

The next time you think about your business systems being “hacked,” remember that it’s not just about software and hardware vulnerabilities. Our brains are the ultimate target for cybercriminals, and understanding the tricks they use is the key to staying safe in an increasingly digital world. So, ask yourself: are you prepared to protect your greatest asset?
