We write about cyber security all the time, and for good reason. You need to be sure that your organization’s defenses are bulletproof, or at least optimized for maximum security. A recent debacle in the United States serves as a reminder that even high-level, super-secret government accounts can be hacked, like this story involving the Central Intelligence Agency (CIA).

As reported by WIRED, CIA Director John Brennan was the victim in question. His AOL account was broken into by a hacker who claims that he weaseled into Brennan’s account by posing as a Verizon worker. In other words, the hacker used a targeted spear phishing tactic, posing as a Verizon employee to trick a real one into handing over the information required to access Brennan’s account. In this case, the key piece was the last four digits of Brennan’s bank card.

The teenage hacker and his associates then changed the password on Brennan’s email account and gained access to his inbox. It contained secret government documents that Brennan had forwarded from his work email address to his personal inbox (a practice that’s highly frowned upon in matters of government secrecy – just ask Hillary Clinton). According to WIRED:
After providing the Verizon employee with a fabricated employee Vcode—a unique code that he says Verizon assigns employees—they got the information they were seeking. This included Brennan’s account number, his four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address and the last four digits on his bank card.
“[A]fter getting that info, we called AOL and said we were locked out of our AOL account,” he said. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon so we told them that and they reset the password.” AOL also asked for the name and phone number associated with the account, all of which the hackers had obtained from Verizon.
The scary part of this entire situation is that the victim wasn’t at fault for the data breach. It shows how easy it is for hackers to obtain sensitive information that they can then use to infiltrate your systems. Security questions like “What is your mother’s maiden name?” or “What was your first pet?” are easy enough to answer for a hacker who’s hell-bent on stealing your information.
A solution to this dilemma is to take proper security precautions that are designed to keep hackers out of your accounts by utilizing several security layers. The first step toward implementing this is to use a strong password that’s made up of several different letters (both upper and lower-case), numbers, and symbols. Strong passwords make hacking into an account significantly more difficult, even for seasoned hackers.
The second step is to integrate two-factor authentication for your accounts. Two-factor authentication requires a secondary credential in addition to your normal login credentials, making it that much more difficult for hackers to gain access to your account. These credentials are usually sent to your smartphone in the form of an SMS message or an automated voice message, or even to your secondary email account. In other words, hackers need physical access to your device in order to obtain this credential.
Setton Consulting can help your organization set up the two-factor authentication solution that your business needs in order to maintain top security protocol. Just give us a call at 212-796-6061 and ask us what we can do for your business.