Celebrities who appear to be suddenly successful have long been called “overnight sensations.” In reality, most of these instant stars worked for years to perfect their skills before they got their big break.

Cyberattacks often follow the same trajectory. They are not always immediately disruptive because they are executed stealthily over long periods of time. Only when attackers feel confident in their breach capabilities do they strike.

Three Areas of Focus for Cybercrime Security

Enterprises employ sophisticated technologies to prevent such attacks, but there are other ways to intrude on corporate information that don’t rely on full digital access. Security professionals must train users to be aware of these three less obvious areas that can be exposed to create avenues for intrusion.

Physical Security

Servers are typically kept in secure locations. But with so much data moving to cloud-based environments, it’s easy to forget about the significant amount of sensitive information stored within office facilities. Depending on what is stolen in a physical break-in, the loss may be unnoticed for some time after the fact. Thieves can gain access by breaking locks or stealing keys from an employee’s desk.

Once they have access to server facilities, thieves can simply remove attached storage, backup media or even entire servers. Stealthy intruders might just plug their own removable drives into server ports and siphon files onto them, then leave. Users’ desktop computers may be protected from this kind of access, but because servers are assumed to be inaccessible, they seldom have that kind of protection installed.

Social Engineering

Espionage can take many forms in many environments, and it is being practiced against enterprises around the world. In its most effective incarnation, victims are entirely unaware that they are providing information that can damage their company.

Determined data thieves go after small bits of information from a variety of individuals. They might make a phone call to the front desk to ask whether a particular person is out of their office, then send a maintenance worker to that office to find specific information. Or they might follow a targeted employee from the office, casually meet them during their lunch hour, and then strike up a conversation from which to extract seemingly innocuous, yet critical, details.

Each bit of information gathered is eventually compiled to create a detailed understanding of the target company’s vulnerabilities. Since the efforts take place over an extended period with multiple individuals, the chances of detecting this kind of activity are slim. The only defense against this kind of social engineering is to implore employees to be wary of the tactics.

Wi-Fi Access

Protecting mobile devices while connected to Wi-Fi access points is part and parcel of enterprise security. But the number and variety of personal mobile devices is growing rapidly, and it’s common for employees to carry multiple connected devices, any of which they may use to connect to services within and beyond the confines of the enterprise. While company-issued smartphones may be secure, personal devices such as tablets and smartwatches could offer cybercriminals the opportunity to steal personal information even if enterprise data is locked safely away.

Employees may unwittingly allow access to these devices. Direct access to enterprise resources may be blocked, but workers sometimes save miscellaneous but critical information on their personal devices simply so they can access it more easily. Enterprises should actively and continuously inform employees of the risks of mixing personal and company information.

Determined data thieves will continue to find ways to gather any information they can to gain access to critical enterprise data. IT teams need to maintain security around their digital assets and be aware of the less technical ways their companies can be exposed.
