It seems to be a recurring theme lately. We either hear in the news or read on social media that some other company has been hacked. We all heard about the big Target breach which leaked personal data of 110 million (1/3 of US population) customers.
But many other companies have been hacked as well, but don’t make the big headlines like the Target breach. Recently Kickstarter (respected crowd funding site), Snapchat and Skype’s social media accounts are among some of the other companies joining the hack attack crowd.
There are two simple answers to why this continues to occur.
- Criminal hacking, AKA as Crackers, is a full-time business that operates 24/7/365. While you sleep their still working. And the focus for these “businesses” is to get real dollars in the fastest way possible. So they focus on the most popular companies with the largest audience for greatest gain.
- Humans are involved. No matter how many times we are told to “create a secure password” or “think twice before clicking on that link that assures you won millions of dollars”, we still don’t listen. Ease of use and the “it won’t happen to me mentality” appear to still outweigh the latter.
The most effective way for criminal hackers to infiltrate companies is by using social engineering attacks over email.
As the example shows below, they are getting pretty sophisticated.
It really does fall on both shoulders, the companies themselves and humans. Companies need to put security as a top priority, before a breach, not after.
I been in this field for a long time and still see the same scams being used to gain peoples usernames and passwords. Until we stop using passwords (which may occur in the near future) for all basic access needs, we will continue to see these headlines in the foreseeable future.
Do you use a secure password?