Social engineering, which includes phishing, is the most popular hacking technique, a new survey by Balabit has shown. The security firm surveyed almost 500 IT security practitioners, asking them what the biggest threats and most popular hacking methods are.
More than 70 per cent of those surveyed consider insider threats riskier than classic hacking techniques. That is why phishing, which can turn a hacker from an outsider into an insider, is considered the most popular technique.
Second place belongs to weak passwords and compromised accounts, followed in third place by web-based attacks such as SQL and command injections.
The remaining most popular hacking methods are ranked as follows:
- Client side attacks (e.g. against doc readers, web browsers)
- Exploit against popular server updates (e.g. OpenSSL, Heartbleed)
- Unmanaged personal devices (e.g. lack of BYOD policy)
- Physical intrusion
- Shadow IT (e.g. users’ personal cloud-based services for business purposes)
- Managing third party service providers (e.g. outsourced infrastructure)
- Taking advantage of data being put into the cloud (e.g. IaaS, PaaS)
Balabit concludes the report by saying that organisations must know, at all times, who is accessing what on the network, as that is the best way to determine whether an account belongs to a real business user or has been hijacked. This can only be achieved by complementing current security tools with real-time monitoring, Balabit says.
"Monitoring can highlight anomalies in users’ behaviour that are worth investigating and not only alert suspicious activities but can also immediately respond to harmful events and block further activities," it concludes.