Abstract
This paper discusses criminal activities and their security aspects at the workplace. The principle of scarcity says that we value an asset higher when it has scarce availability, while we tend to think that what exists in abundance has little or no value. It is possible that this theory explains why we do not give importance to the information that we generate as users. Possibly, this is the reason why cybercrime has turned into one of the most profitable criminal activities of these times, and this situation will continue as long as we ignore how much data our email address or ID number can provide anyone who asks for them. Things get worse when cybercriminals target companies. The corporate information and why do hackers attack when you are working?
Introduction
The data of the clients is an important part of the economic activity. That is why protecting information should be one of the priorities of companies, but in most of them, it is not yet. The Internet has given us a window of business opportunities that sometimes makes it difficult to make out genuine threats. This means that, in terms of cyber security, companies are reactive and not active, which means that they only look for solutions when they have been struck by an attack instead of preventing it by carrying out cyber security policies.
Save your time!
We can take care of your essay
- Proper editing and formatting
- Free revision, title page, and bibliography
- Flexible prices and money-back guarantee
Place an order
Remember, how was your first day of work? Surely, it was not one of the easiest. You had to learn the names of your colleagues or not. The principle of scarcity says that we value ability higher when it has inadequate ease of use, while we tend to think that what exists in loads has little or no value. Many times it's viable that this hypothesis elucidates that we do not give significance to the information that we breed as users. That is the reason why cybercrime has turned to continue as long as we ignore how much data our email address or ID number can provide anyone who asks for them. Things get worse when cybercriminals target companies.
Hackers: attacks at working place
The data of the clients are an important part of the economic activity. That is why protecting information should be one of the most profitable criminal activities of these times, and this situation will be one of the priorities of companies, but in most of them, it is not yet. The Internet has given us a window of business opportunities that sometimes makes it difficult to perceive real threats. This means that, in terms of cyber security, companies are reactive and not active, which means that they only look for solutions when they have been hit by an attack instead of preventing it by the implementation of cyber security policies.
But none of that information had to do with how to protect yourself from cyber attacks or how to perform your job more safely. And why is that a problem? Because every day we receive dozens of emails from customers, suppliers, and advertisers; we manage orders through third-party applications; and in short, we carry out tasks proper to the activity we perform without the necessary security training. The next click might end with the ransom of the equipment and the encryption of the data stored in it. Cybercriminals are aware of the lack of security training of most users.
What methods do they use?
This is how social engineering and phishing works take advantage of it, just as they do with the uncontrolled things that many workers have in their offices. Lack of awareness and hurry to make up the perfect context for an attack with a high probability of success. And part of that success is determined by the methodology that cybercriminals use, like for example, social engineering and phishing. Lack of awareness and rushing makes the perfect setting for an attack with a high probability of success.
Methods phishers use
An exercise of persuasion. This is how you could define what people do when performing social engineering. Through a set of psychological techniques But none of that information had to do with how to protect yourself from cyberattacks or how to perform your job more safely. And why is that a problem? Because every day we receive dozens of emails from customers, suppliers, and advertisers; we manage orders through corporate or third-party applications; and in short, we carry out tasks proper to the activity we perform without the necessary security training. The next click might end with the ransom of the equipment and the encryption of the data stored in it. Cybercriminals are aware of the lack of security training of most users.
Methods hackers use
This is how social engineering and phishing works take advantage of it, just as they do with the frenetic rhythm that many workers have in their offices. Lack of awareness and rushing make up the perfect context for an attack with a high probability of success. And part of that success is determined by the methodology that cybercriminals use, like for example, social engineering and phishing. Lack of awareness and rushing makes the perfect setting for an attack with a high probability of success and social skills, the social engineer aims to gain sensitive information. An example of social engineering could be receiving mail from someone who supposedly is your manager. In the mail, he asks you to send certain confidential information that you have or, depending on your responsibility, to make a bank transfer to an account number that provides you with the excuse that it is necessary to make that payment as soon as possible. It seems that the CEO Scam is quite obvious, but the reality is that it has achieved a high level of sophistication, so it is a fairly common attack among companies. Also, this example can be even more terrifying if possible. On the one hand, it is making you think that the mail comes from a manager (social engineering); on the other hand, it could not only ask you to make a What happens when the threats come from within the company? money transfer, but also download a malicious file that can compromise your company’s infrastructure (phishing).
In this case, cybercriminals create every day new ways to carry out attacks using social engineering and phishing. In this scenario, learning to recognize a cyber threat becomes a need for all the people who work with electronic devices connected to the Internet. A phishing attack may seem obvious, but the reality is that it is more common than most imagined.
“The truth is out there”. Do you remember? That’s what they said in the X-Files series, letting us know that we had to look for the dangers outside, but how wrong they were. When it comes to cyber security, the people who make an attack possible do not have to wear a hooded sweatshirt or be in front of their computer at dawn. They can wear a suit and tie or have an office schedule.
They may be the people you spend more time with than your family. It is possible that they are your workmates. According to a study that IBM published in 2016 60% of attacks came from within an organization. From that number, 44.5% of the attacks were perpetrated by evil, while 15.5% of those attacks originated by accident, which means by a worker who has allowed access to the company’s infrastructure without wanting to.
Conclusion
From the study, it is clear that things get worse when cybercriminals target companies and the bad news is that you do not just have to defend yourself from what is out there, the good news is that there is a small percentage of those attacks that occur by accident. Cyber security is not expensive compared to the cost of having a cyber attack and these situations can be avoided by complying with the basics of cyber security.
References
- https://opendatasecurity.io/
- https://twitter.com/ODSops
- opendatasecurity.com
- https://www.researchgate.net/publication/321528686_A_Recent_Study_over_Cyber_Security_and_its_Elements/download