Single Most Important Cybersecurity Vulnerability
Facing IT Managers
With the growing usage of the Internet and the expansion of global communication, the office in its traditional sense is fading away. In order for corporations, whether small or large, to be profitable in this competitive market, their offices have had to expand beyond the four walls located at their physical business address. In order to conduct business effectively nowadays, it has become necessary to have internal private business and government networks connecting to other corporate and government networks; as such, the use of portable devices has ...
An authorized user must be able to enter their assigned user name and password to successfully connect to the network and access all documents they are allowed to view or edit. IT policies will usually determine the minimum length of the password, the frequency at which it should be changed, and whether it should include the use of special characters and/or numbers. Password policies can feel like a burden to some employees, and they resort to writing the password down because of the complexity of the password requirements. This is a very unsafe practice; anyone could observe where a particular employee saves this password and take it, or just search until they find it. Crackers are persistent, and will search until they find something of value to break into the targeted network.
Another weakness commonly exhibited by legitimate network users is to leave their desk without locking their computers. This behavior gives anyone passing by the opportunity to view confidential data. Most times, if this behavior has been repeated often without incident, the employees believe that their environment is quite safe and trustworthy, giving them little reason to worry.
Nowadays, many employees connect to unsecured wireless networks using their corporate (or approved personal) wireless devices, but are unaware of the possible threats associated with this behavior. The use of portable and mobile devices has increased the chances of malicious attacks. First, simply losing a mobile device can cause personal and even corporate data to be stolen and compromised. Personally identifiable data can be recovered from the device and be used to gain access to sensitive data. Second, when using smartphones, tablets, and laptops in public places, especially when connected to unsecured wireless access points, others can capture a password or other private information, which they could instantly exploit to gain access to sensitive information. Indeed, hackers and even non-technical people, who have a wealth of information readily available on the internet, can use specific tools to successfully sniff wireless signals and retrieve useful data in order to perform an attack against unsuspecting users.
When crackers are unable to exploit system vulnerabilities, they try to penetrate a network by using social engineering techniques (Goodrich, 2011, p. 43). The Cybersecurity handbook describes it as “attacks that take advantage of human nature to compromise a target, typically through deceit.” (p. 60). With social engineering, an attacker uses impersonation (or pretexting) to establish direct contact with users in order to retrieve small pieces of information to bypass security measures and penetrate a computer system. When pretexting, the hacker claims to be someone they are not, and gains another employee’s trust under the pretext of an urgent or important situation. The hacker can pretend to be another department’s employee, an executive, a desktop support...