Celebrities who appear to be suddenly successful have long been called “overnight sensations.” In reality, most of these instant stars worked for years to perfect their skills before they got their big break.

Cyberattacks often follow the same trajectory. They are not always immediately disruptive because they are executed stealthily over long periods of time. Only when attackers feel confident in their breach capabilities do they strike.

Three Areas of Focus for Cybercrime Security

Enterprises employ sophisticated technologies to prevent such attacks, but there are other ways to intrude on corporate information that don’t rely on full digital access. Security professionals must train users to be aware of these three less obvious areas that can be exposed to create avenues for intrusion.

Physical Security

Servers are typically kept in secure locations. But with so much data moving to cloud-based environments, it’s easy to forget about the significant amount of sensitive information stored within office facilities. Depending on what is stolen in a physical break-in, the loss may be unnoticed for some time after the fact. Thieves can gain access by breaking locks or stealing keys from an employee’s desk.

Once they have access to server facilities, thieves can simply remove attached storage, backup media or even entire servers. Stealthy intruders might just plug their own removable drives into server ports and siphon files onto them, then leave. Users’ desktop computers may be protected from this kind of access, but because servers are assumed to be inaccessible, they seldom have that kind of protection installed.

Social Engineering

Espionage can take many forms in many environments, and it is being practiced against enterprises around the world. In its most effective incarnation, victims are entirely unaware that they are providing information that can damage their company.

Determined data thieves go after small bits of information from a variety of individuals. They might make a phone call to the front desk to ask whether a particular person is out of their office, then send a maintenance worker to that office to find specific information. Or they might casually meet a targeted employee during his or her lunch hour after following them from the office, and then strike up a conversation from which to extract a seemingly innocuous, yet critical details.

Each bit of information gathered is eventually compiled to create a detailed understanding of the target company’s vulnerabilities. Since the efforts take place over an extended period with multiple individuals, the chances of detecting this kind of activity are slim. The only defense against this kind of social engineering is to implore employees to be wary of the tactics.

Wi-Fi Access

Protecting mobile devices while connected to Wi-Fi access points is part and parcel of enterprise security. But the number and variety of personal mobile devices is growing rapidly, and it’s common for employees to carry multiple connected devices, any of which they may use to connect to services within and beyond the confines of the enterprise. While company-issued smartphones may be secure, personal devices such as tablets and smartwatches could offer cybercriminals the opportunity to steal personal information even if enterprise data is locked safely away.

Employees may unwittingly allow access to these devices. Direct access to enterprise resources may be blocked, but workers sometimes save miscellaneous but critical information on their personal devices simply so they can access it more easily. Enterprises should actively and continuously inform employees of the risks of mixing personal and company information.

Determined data thieves will continue to find ways to gather any information they can to gain access to critical enterprise data. IT needs to maintain security around its digital assets and be aware of the less technical ways their companies can be exposed.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…