The Twitter hack is pretty alarming when you realize what a couple of teenage hackers were able to accomplish using one of the oldest techniques in the hacker playbook.
What happened? Hackers used social engineering against Twitter employees, exploiting human vulnerabilities and a lack of awareness. As a result, the hackers took over the Twitter accounts of several very well-known people.
Twitter said the hackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” Twitter released an update later and said the hackers “targeted a small number of employees through a phone spear-phishing attack.”
Social Engineering Attacks
What are these attacks? Phone spear-phishing and social manipulation are social engineering strategies for tricking one or more employees or individuals in order to gain access to things like credentials to internal systems and information, personal information (for verification purposes), and many other types of information.
Old playbook strategies are still working, so hackers don’t have to reinvent the wheel to hack people and gain access to information and tools. Hackers continue to successfully hack high-tech, low-tech, big, and small organizations, schools, universities, healthcare, and government offices using old playbook strategies.
The New Playbook
Why is the old playbook still working? Hackers know information security awareness training is generally required once a year by most organizations. Hackers also know there is almost no way that human vulnerabilities will be eliminated with once-a-year training, or even by spreading once-a-year training out over a few months.
What playbook should you follow? What you should be doing, and what hackers hope organizations will never do, is provide ongoing and situational awareness on an as-needed basis. The new playbook stresses the importance of proactively keeping employees and third-party service providers aware of current attack strategies (phishing, social engineering, IRS, SBA, Politics, Olympics, etc.) and other situational awareness that will help employees stop attacks.
How is this accomplished? We know that sounds like a big change that might make more work, but the good news is, it doesn’t have to! Awareity’s award-winning Awareness & Accountability Vault complements information security awareness training with proven solutions and options that can be adjusted to your specific needs. You can manage the Awareness & Accountability Vault yourself with your own research, or you can take advantage of Awareity’s customized services to help you keep up with current attacks, bulletins, and situational awareness to place in the Awareness & Accountability Vault so you have more time to focus on your other responsibilities.
The Awareity Awareness & Accountability Vault provides organizations with the most versatile and most effective way to ensure ongoing awareness of cyber-related threats as well as other threats. Do you need to keep your people updated on situational awareness with COVID-19, Compliance Requirements, Physical Security, Community Safety, or other topics? What about having legal-ready, audit-ready, insurability, and accountability documentation at your fingertips? Of course you do, especially these days.
Contact Awareity to move beyond the old playbook and use the new playbook, so hackers will move on and find other targets that, unlike you, have more vulnerabilities!