Hacking presents a very real, very serious threat. And as remote work continues to inspire new types of phishing attacks, vigilance and education have only grown more important. For this reason, Onepath recently presented a webinar titled “How I Would Hack You: Confessions of an Ethical Hacker.” This webinar focused on the experiences of James Carroll, an ethical hacker and Information Security Engineer at Secure Network Technologies, Inc., and Opal Ferraro, CFO of Onepath, who provided insight concerning the potential effects of hacking.
How Does Hacking Work and How Can I Prevent It?
The webinar began with an important question: What do you see as the biggest security risk to your organization? By far, phishing and inadequate employee training were cited as the main concerns. Discussion then turned to Carroll, who explained his role as a hacker and how he got into the business as a teenager after realizing how easy it was. He also brought up the recent Twitter hack as an example of why cyber security is so crucial.
Next, Carroll explained the four main components of a hacking attack: open source intelligence gathering (OSINT) comes first, followed by gaining network, user, and admin access.
“OSINT is essentially cyberstalking,” he said. “The main way we do it is through social media… You go on there and post a video of you, your favorite restaurant, and hackers are going to take note of that to get you to trust them… If you have a security phrase that’s, ‘What’s the name of my favorite sports team?’ and you have a picture on social media that answers that question, be cognitive of that… Passwords are (also) a big way hackers are gaining data, so you should make sure you have a grip and handle on the passwords your employees are using… But say I did guess your password. 2FA is (useful), because it says, ‘Slow down,’ you have to enter that code we sent you. And I won’t have your phone, so that stops me there.”
The Consequences of a Successful Hack
The webinar then shifted gears with a second poll: Based on what you heard from Carroll, share where you’re going to go invest first. What did you hear, and where do you feel like you need to take action? Once again, employee training was a top answer, as was MFA.
“Three different things vie for the top spot for me to worry about,” said Ferraro. “One of them is something that happens that literally shuts us down and we can’t operate. That would be devastating to the business. Something else that could happen is we literally lose assets, cash. I’m constantly checking with my team that we’re following all our processes and protecting assets. And the final thing that can happen is reputation loss, and that has a longer tail on its effect on a business.”
Ferraro then went on to explain her views toward cyber security implementation and design.
“For me, it’s extremely important to make cyber security easy but strike an appropriate balance,” she said. “If it’s not easy, they’re gonna not do it, but if you make it so easy that it’s not effective, what’s the point?… Every time you look at an expenditure, you’re making that decision, what am I going to get back from this? What’s the investment? How does it protect me? (And) if you think about the statement that we rely on our people and that they’re our first line of defense and easiest to break through, if we’re not willing to invest in the training and development of that core asset, you’re gonna get what you pay for.”
The webinar ended with a discussion of Onepath’s SecureID offering, which is a bundled security service that incorporates SSO, MFA, self-serve password reset, and security awareness training.