People: The New Perimeter Used by Hackers to Attack Enterprise Network

1. People: The New Perimeter Used by Hackers to Attack Enterprise Network In the year 2015, a cyber attack on the US Office of Personnel Management exposed personal information of millions of government employees. In 2016, FBI and Department of Homeland Security was attacked by a hacker, and the names, titles, and contact information of nearly 30,000 employees were leaked by the cybercriminal. The hacker was able to access the sensitive files of employees via the compromised email account of a Department of Justice employee. What is alarming about these two incidents is that attackers are now using employees as the new perimeter to enter enterprise networks and get access to highly sensitive information. Identity governance is vital to improve security and compliance, and prevent malicious attacks. In a survey, it has been found that up to 28% of enterprise data security incidents come from within the organization. Approximately 70%of organizations across the world have embraced Bring Your Own Device (BYOD) concept; but less than half of the companies have a formal policy around the use of such devices for corporate data. Due to lack of security systems and lesser control over BYODconcept, hackers are now exploiting enterprise network and expanding their incursions. Waterhole Attacks: How attacker used employees to achieve malicious objectives Waterhole attacks became big news when large tech companies, such as Apple, Facebook, and Microsoft, reported that they were compromised. It was found later on that the hacker injected malicious JavaScript into the application development software used by victim companies. The compromised developer workstations were then used to access the internal networks of their companies. In waterhole attacks, the hacker knows that the canteen is the location where all employees gather, meet and decide other things. The hacker then injects the malicious program into that social or public platform used by employees. How you can prevent it Without a strong and well-enforced security policy, your enterprise network security is at risk. Make sure that your employees follow these steps to prevent malicious attacks such as the recent WannaCry Ransomware attack. Security staff should block network access to various suspicious websites, and give employees limited access to company network.

2. Another aspect of cyber attack prevention is simply employee education. Educate your employees about governance, risk and compliance and how to deal with phishing and spamming emails. Data encryption can help to prevent security breaches.Hashing and salting a password can protect it against hacking. Use enterprise-grade email encryption solution to prevent phishing attacks and other cyber threats. One of the greatest threats to your enterprise data security is your employees themselves. Follow aforesaid tips to prevent hackers from using employees as an entry point to your network and systems.