Hackers now work in organised gangs that target individuals to infiltrate organisations. It’s hard to stop them – but by taking an integrated approach to security, service providers can stay ahead.
Cyber crime has changed.
At one time, hackers were lone operators breaking into systems to cause mischief. Now they work in organised criminal gangs, on operations worth millions of dollars.
Hackers cleverly pinpoint an organisation’s weaknesses to enter networks. Often they do this by targeting specific individuals. Once they’ve found a way in, they might not be detected for a long time – and they can do a lot of damage while they’re there.
Spear phishing – how hackers get to know you
A cyber attack that tried to get you to download software or hand over information by sending a fake email is known as a phishing attack. When hackers do this by pretending to be someone you know, it’s called spear phishing.
Our video on the Anatomy of an Attack demonstrates how hard it can be to realise you are the victim of this kind of attack.
The woman working for the hacking gang finds out as much as she can about the company. She befriends the CEO’s wife on Facebook, and contacts the sales team so she can see the organisation’s email signature style.
She then sends an email to staff impersonating the boss. Anyone who downloads the attachment infects their computer with malicious software.
Once hackers have infiltrated a company, they are able to cause devastating problems. In the video, they extract a large ransom payment and release personal information held by the business, causing its stock to fall to an all-time low.
A growing problem
Spear phishing is attractive to hackers, because by finding just one weak spot in the system, they can potentially gain access to highly sensitive information.
The technique has been used for some high profile attacks. The FBI recently said that the 2014 hack on Yahoo that compromised over 500 million user accounts may have begun with a spear phishing email.
And businesses will become even more vulnerable to attacks like this, as everything, both within and outside organisations, becomes more connected. The growing adoption of the cloud and the internet of things gives hackers more and more potential entry points.
And once they’ve broken through, it’s easier for them to reach other parts of the system.
As the video shows, hacking into a network doesn’t require anyone to be stupid. All it needs is a small oversight.
Is there anything businesses can do to protect themselves?
Combating threats with an integrated approach
Powerful security products, including firewalls and malware detection, are essential for telecoms companies who want to provide a reliable service. But the best defence comes from taking a holistic approach.
That’s why service providers need to rethink the way they combat threats. They need to take a best of breed, architectural approach that enables service providers to deploy security that is simple, open, automated and effective.
All the elements in a security portfolio should also be communicating with each other. And there should be visibility across the system.
Cisco’s holistic approach to security
Cisco can provide the technology and expertise to provide you with high-level protection against cyber threats. We have a comprehensive suite of best of breed security products, and can advise you on how to bring them together into an integrated architecture.
And our products are constantly updated with information from Talos, our global security team that maintains a deep understanding of the latest threats around the world. The team has worked with service providers to take down major hacking gangs.
As the success of Talos demonstrates, Cisco’s strength lies not just in our cyber security expertise, but in applying that expertise practically to help keep businesses safe.
The approaches used by hackers are always evolving. But by thinking holistically and considering threats at every stage, service providers can stay one step ahead.
Find out how Cisco’s holistic approach to security can protect your organisation against modern hackers
To learn more, visit our Security Solutions page for Telecom & Media.