How can your business learn from the Uber and Rockstar cyberattacks?
Over the past few weeks, we have seen two major cyberattacks hit the headlines in which Uber, the ride-hailing company and Rockstar Games, who are known for their popular Grand Theft Auto video game series, became victims of major cyberattacks. Both companies were hit by the same hacker, a 17 year old from Oxfordshire. It is thought that he used a method called "social engineering", which involves deceiving employees of a targeted company by using methods that can be very difficult to identify and stop.
The hacker gained access by using an employee's login credentials, and therefore, was able to see Rockstar Games' internal messages on Slack, including early code and video content for the next Grand Theft Auto sequel. In the case of Uber, the hacker claimed that he impersonated a member of the company's IT staff in order to trick an employee into giving him their login credentials.
What is Social Engineering?
The use of social engineering, also known as "social hacking," is one of the most common methods of cyberattacks used by hackers to exploit individuals or organisations. These attacks, which are based on deceiving targeted companies, do not exclusively use technology-based penetration hacking methods like a typical hacker would, which is one of the reasons why they are so dangerous.
These hackers, also known as social engineers, will take advantage of technological flaws or rely on manipulation and trickery in order to win the trust of their victims or get them to make simple security errors. Once their efforts are successful, social engineers move quickly to implement their manipulative plans.
How do these Hackers/Social Engineers operate?
Attacks by social engineers can take many forms. Most begin with the attacker gathering intelligence and learning as much as possible about your business before attempting to harvest data, such as a customer’s personal details. The hacker may also collect information about your business’s structure, internal operations and potential business partners.
In order to do this, they could:
- Get personal information from online sources like company staff directories, LinkedIn profiles, or social media.
- Pretend to be a third-party vendor and talk to staff members by phone, email or a messaging system.
- Once they have earned the trust of their victims, they might send them friendly emails, texts, or any other form of messages to get them to click on links or share private information.
How it could impact your business
Every year more than half of all businesses are the target of social engineering and successful cyberattacks. It's an increasingly pressing issue that many businesses are only now beginning to take seriously. A study conducted by The CyberEdge 2022 Cyberthreat Defense Report (CDR) found that in the UK alone, more than 80 percent of organisations have experienced a successful cyberattack in the year 2021/2022*.
This proves that whether you're a small, medium, or large business, you should be aware and protected from social engineering attackers. Your business could be the next victim if you don't learn how to defend against the dangers of social engineering. Here are some of the main consequences you’ll experience if your business falls victim to an attack:
Damage to reputation. The impact of social engineering on your business will start by affecting the reputation of your company. While a breach in security or a loss of company data can be devastating, regaining your customer's trust and faith can be significantly more challenging. When it’s made public that an organization has been hacked, the company loses its hard gained trust with current clients and potential leads. Once the reputational damage has been done, bouncing back and regaining the public's trust will require more than just recovering the lost data.
Financial Loss. One of the most detrimental effects that social engineering could have on your business is a loss of profit. Any attack involving social engineering has the potential to result in financial losses for a company. If your customers lose faith in you as a result of a breach in security or the loss of data, you can expect to experience a decline in business.
Productivity costs. Your business’ productivity will take a huge setback when impacted by cyberattacks. Most attacks, if severe enough, will make it almost impossible to continue operating your business as normal. A successful attack would result in significant time spent repairing the damage caused by cyberattacks. This reduces the productivity of general employee’s and ultimately, the profitability of the business.
Ransomware and data theft. Cybercriminals frequently infiltrate a company and stay under the radar for months in order to gather intelligence and steal information. However, ransomware is becoming increasingly popular. To cybercriminal groups, paying the ransom to unlock the stolen data only makes the targeted organisation a bigger prize.
How can Navos help you?
Do you need help identifying and preventing potential cyberattacks to your business and customers?
Our team of experts at Navos can provide an emergency response or a proactive assessment to your situation, bringing a wealth of experience that can keep your business, employees and customers safe from cyber threats. We can conduct detailed security assessments, while monitoring and analysing all security tooling (like the SIEM, AV, and Firewalls) for any activity that might be considered suspicious or a threat to your business. Over the last few years, the team has evolved significantly to ensure it can keep pace with the ever-changing cyber threat landscape.
An interesting observation we made following the recent cyber-attacks, is that the share price of a reputable business actually rose after an issue, indicating that the market has trust in their defences and responses. Therefore, our team at Navos make it high priority to provide our clients with all the necessary cybersecurity protection and solutions, that will allow your business to win the trust and reliability of clients over other competitors in the market.
