Social engineering: the weakest element in security
According to PwC, a company loses much more data because of employees rather than because of hackers attacks. The main threat of the company’s system is so-called social engineering, also known as the art of “hacking” an individual.
One of the common forms of this cybercrime is phishing, or an attempt to obtain information from one of the employees that would help with the hacking a company’s network. Thus, attackers may well gain access to personal accounts of employees, where important company data is located. Sometimes these attacks can be very effective, as employees often take messages with malicious files as a regular newsletter.
Most of the leaks, about 90%, affect personal and billing data. Most of the intentional leaks occur in the financial sector, industry, government and municipal institutions.
First of all, the attackers want to gain access to a trade secret – payroll, employment contracts and any other documents of limited access, and then sell them.