Götz Schartner (8com): Open door policy for hacking
Götz Schartner from 8com, a German IT security company, says social engineering is a proven way to attack companies. Interview with a solution-focused ethical hacker.
How does a hacker typically attack a big company?
An experienced hacker will do a lot of research and look for weaknesses. These could be system vulnerabilities, software which hasn’t been properly updated or gullible employees who are prone to clicking on suspicious email attachments or hyperlinks. Both methods of attack allow a hacker to install malware and infiltrate company networks. He or she can then manipulate data, remotely control network devices and even manipulate production processes. This is in addition to the danger posed by social engineering. Fraudsters often send fake emails to employees which can lead to them transferring large amounts of company money, all whilst making them think that they are acting under orders from their CEO. Sometimes fraudsters simply impersonate suppliers and divert payments to their own bank accounts. This can also be done by hacking company networks and changing existing account information directly. As you can see, we’re dealing with a wide range of attacks, which aren’t solely aimed at big companies.
What are companies’ most common weaknesses?
Many companies don’t spend a lot of time or money on keeping their systems and software updated. Installing patches immediately after their release is, however, incremental to cyber security. Companies also have to make sure that systems are safely configured. By adhering to these two rules, companies can dramatically minimise the risk of attackers being able to access their networks through software vulnerabilities. Another important issue is employee awareness. Employees at every level of a company’s hierarchy need to know about the dangers lurking in the digital sphere and how to protect themselves and their company. No matter how sophisticated a company’s antivirus software and firewall, no matter how up-to-date its software, if employees click on suspicious email attachments and links without thinking twice, no company is safe from hacking attacks.
How does 8com help companies to improve their security?
We offer a wide variety of services to improve information security and have been successfully working with small and medium-sized businesses as well as large corporations for over a decade. We cover everything from establishing effective vulnerability management processes and monitoring our clients’ systems to implementing sustainable employee awareness campaigns using web-based training, videos, user guides and more. We usually kick off these campaigns with thrilling live hacking events to show participants that every single one of us can fall victim to cybercrime. Our mission is to strengthen our clients’ digital infrastructure, in addition to the human element. Finding the right balance between these two lines of defence is the key to information security, at work and at home.