I recently read about a ransomware attacker who’s offering to unlock infected computers if the victim assists in infecting other people they know. Wow, how insidious is that? Think about this in a corporate setting. Do you think any of your colleagues would hang you, or the company, out to dry to save their wedding photos or their kid’s birthday shots? I’m sure we’d all like to think that no one we know would agree to assist an attacker in this way, but I wouldn’t want to bet on it.
What happens to the poor soul who agrees to infect a friend, colleague or corporate computer? He or she may get those precious files unlocked, but at what cost? It’s not like these cyber criminals to leave easy money on the table, so it’s likely they will try to further coerce or blackmail the victim. After all, the victim became complicit in a crime, and now the attacker has the evidence.
So, what are we to do? For some time now, cyber security professionals have said that the insider threat is one of the biggest risks companies face. The scenario I’ve described is certainly one good example of why the insider risk is such a threat, but there are many others. We can’t necessarily stop people from making poor choices or clicking on things they shouldn’t, but we can try to educate them on the ramifications or consequences of doing so.
Attackers are constantly updating their tactics, so it’s incumbent upon us to update our security awareness training programs. It’s important to have tools and technology in place to secure our infrastructures, but it’s also important to keep our user base aware of the current tactics. Make it fun and informative, and keep it up to date. We advise our clients on various methods and strategies to implement effective security awareness that aligns with the business culture and addresses current trends. Remember, novel adaptations of classic criminal activities such as blackmail, extortion and ransom in a cyber context are extremely profitable because they work. Don’t let one of your users become the next victim!