A single bank in Chile, RedBanc, is responsible for managing that country’s entire ATM network, and despite the advanced security protocols it had in place, its security was breached. The threat began with two tools that may be used in your office every day: LinkedIn and Skype. So the question is, could your company become a victim of a similar attack? Even if the answer is yes, one very inexpensive add-on to the bank’s cyber security plans -- Cyber Security Awareness Training -- may have prevented the attack, and it could prevent a similar attack at your company as well.
How The Bank Was Hacked
According to the NakedSecurity blog, the hackers placed an ad on LinkedIn for developers. A bank employee, looking to leave the bank, responded to the ad and was invited to communicate about the new job via Skype. During the Skype chat, the hacker sent the bank employee a file named ApplicationPDF.exe, which the employee downloaded and opened.
The file contained software that was able to “explore the network for new security gaps.”
Five years ago, a traditional cyber security plan for a small company might include firewalls, strong passwords, antivirus software, malware filters and little more. These days, that’s not nearly enough. The cyber security systems that we’re now installing are far more sophisticated and can protect your business, your employees and your customers far better. Our typical Business Protection Toolkit cyber security installations can now include:
- Patch Management – To close down known holes in systems and software.
- Email Filtering – URL Wrapping, Sandboxing, Extension Control and Comprehensive Logging to catch known-bad payloads in email.
- Web Filtering – Includes Advanced Web Filtering, URL Filtering and Sandboxing to prevent damage from malicious code online.
- Encryption – Beyond full disk encryption, which is ineffective against a breach, we install file, folder and cloud encryption, so all your data is safe. When encryption is used, any stolen data is rendered useless.
- Security Operations Center – Our SOC team of security experts monitors the results of all our Protection Essentials tools and leaps into action when it detects suspicious activity.
- SIEM – Security Information and Event Management System (aka Strange Activity Detection).
- Advanced Identity Monitoring – Giving you early warning if your private data, identity or credit info is ever exploited or becomes available for sale on the dark web.
It’s reasonable to assume that the bank had similar systems in place, and perhaps more, yet the attack was still successful. That’s because this story includes the innocent cooperation of someone inside the network.
How To Reduce The Risk Of A Cyber Attack with Cyber Security Awareness Training
That’s why this next step is so critical. In order to better protect yourself against outside hacks, every cyber security plan should contain Cyber Security Awareness Training for all employees. With CSAT, your employees will learn how to identify relatively obvious threats like this one, and those that are far more obscure.
CSAT includes training to identify and prevent these kinds of attacks:
- Spam -- often how password-stealing malware is delivered.
- Phishing -- emails that look like they come from legitimate institutions, but are in fact fake.
- Malware -- software that looks legitimate, but actually does great damage, potentially carrying keyloggers, rootkits, ransomware and worse.
- Ransomware -- software that encrypts your data or software, effectively disabling your business, then offers to sell you a decryption key for large sums of money.
- Social Engineering -- when one person induces another to give up access to resources. (This is how the bank employee was victimized.)
Without Cyber Security Awareness Training, employees who explicitly open and run malicious code, click on dangerous links, visit malware-filled websites or give access to unauthorized users -- whether the employee is intentionally malicious or just unaware -- can cause tremendous damage to your business, your employees, your vendors and your customers.
Get Cyber Security Awareness Training For Your Company
CSAT is part of our Business Protection Toolkit, which can protect your business from the threats that are attacking your business every day. If you don’t yet have a strong cyber security plan that includes CSAT for your employees, let’s talk. It may be the simplest add-on to your current and future security policies that you can have. Contact us or call us at 818-913-1335 today to talk about your current security measures, potential gaps, and how we can close them for you.