Telecommunications companies are prime targets for cyber-attackers and even nation-state sponsored attackers, because they control voice and data transmissions, and hold vast amounts of information.
But they are also usually a tough nut to crack, which is why cyber-criminals often use insiders to gain access. These insiders are either disgruntled employees, or have been blackmailed using compromising information usually gathered from open sources. All this information has been unveiled by security experts Kaspersky Lab. Out of all cyber-attacks, more than a quarter (28 per cent) include a malicious insider. More than a third (38 per cent) of targeted attacks use the same strategy.
“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerabilities. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody somewhere has you in their sights. The sooner you know about it, the better you can prepare,” said Denis Gorchakov, security expert at Kaspersky Lab.
There are a couple of things you can do to stay safe, according to security researchers. The main thing is to educate staff about responsible cyber-security behaviour. They need to know what these dangers look like in order to act accordingly.
Robust policies, especially when it comes to use of corporate email should also be introduced. Kaspersky Lab also suggests restricting access to sensitive information, regularly auditing company's IT infrastructure, and using Threat Intelligence Services.