Network security in many modern business entities no longer entails the actual security as most people know it. According to Corey Steele, a network security engineer with High Point Networks, network security today has more to do with virtual and existing technology.
Gone are days when data backup or creation of firewalls was all a business entity needed to protect itself. Corey who taught himself all about cyber security and often gets paid to test companies’ networks adds that even installing antivirus programs today won’t help much.
A business that only uses antivirus, backups and firewalls in today’s business environment is simply putting itself in the line of cyber attacks. Steele adds that the network security threats existing today are so many and sophisticated that a business simply can’t survive if it just protects itself with just these basic control tools.
Having learnt from experience Steele says that breaking or manipulating a person’s defenses is much easier than breaking into a company’s security network. It is for this reason that the number one network security threat to a company is its employees. Because trust is an in-depth value in most people, a cyber criminal will find it easier to gain and break the trust of an employee. This way, they will have easy access to the network.
The following are the two possible scenarios an attacker can use
An attacker can pretend to be a telephone company representative and lie to an employee that they want to inspect the phone lines in the premises. In most cases, an employee will let the impersonator in without asking any questions. They will gain access to the company’s network by pulling a wireless access point from the system. They can, later on, access this wireless point from a remote location such as the parking lot.
Another trick an attacker can use is to call an employee and tell them that they work with the company but in the IT department. The attacker will then tell the employee to open a remote-help-desk-session so they can chat. Steele says that the moment the criminal is inside the system, s/he will convince the employee that the ‘problem’ will take a while to fix and they should take a break. It is when the employee is away from the chat room that the criminal gets a chance to install the malicious software.
The other big threat that companies’ are exposed to is the employee who click on corrupt links or download attachments. Steele says that while it’s important to trust, it is critical that employees also verify.
The advice that Steele keeps on telling people is that whenever you receive an unexpected email with an attachment, don’t open it first until you verify that the sender actually sent it. An attacker who has entered the system can easily impersonate anyone and send you an email which contains the malicious malware.