If, as a company executive, you allow your employees to send and receive email and permit them to surf the Internet, your corporate network will be attacked by malicious hackers.
That’s the word from an FBI computer scientist who addressed more than 125 attendees Thursday at the ASIS International Region III annual seminar in San Diego.
With all the information about a company that executives and other employees make available on social media sites such as Facebook and LinkedIn, “we give them everything they (hackers) need. That’s what makes our job so hard,” said the FBI’s Darren Bennett.
He said corporations are frequently being targeted with a practice known as spear phishing. This involves an email often sent to one employee, addressed from someone within the company in a position of power or trust. Typically, the mail requests information such as login IDs and/or passwords. A variation of spear phishing involves an email from the IT or human resources department asking an employee to update his or her username or password. Once the hacker has that information, the entire network may be compromised.
The realistic-looking emails are produced from information easily lifted from social media sites, Bennett said.
“If you are just a worker bee in the company and get an email from the CEO, you might want to question why,” he said. “If you have any doubt about the email’s authenticity, contact your IT folks to have them check it out.”
In cases of spear phishing, firewalls and anti-virus programs offer little to no protection. What does work, Bennett said, is an IT organization that constantly monitors the corporate network and investigates cases of heavy traffic or data in the middle of the night. Also, employees need to be encouraged to immediately report any network problems or suspicions they may have about emails received.
“And if your network is successfully attacked, do whatever you have to do to repair the problem — even if that means changing every password,” he said.
The two-day event, concluding today, also included a number of security equipment manufacturers showcasing some of their latest products. Here’s a quick look at a few:
Axis Communications displayed its P-12 Network Camera Series that includes miniature HDTV cameras. The cameras’ design allows them to easily blend in with a variety of environments, making them ideal for discreet and covert surveillance in retail stores, offices and ATMs.
PCSC showed its Fault Tolerant controller series that brings automated system recovery for access control systems. If a primary controller fails, an alternate controller automatically takes over the duty.
Salient Systems demonstrated its CompleteView comprehensive video management software solution supporting IP, analog and hybrid camera surveillance environments. CompleteView is scalable from entry level to enterprise applications.