Five types of cyber criminals

Who are they?

According to Travelers Insurance, there are 5 types of cyber criminals: https://www.travelers.com/business-insights/topics/cyber/5-types-of-cyber-criminals

The Social Engineer

#1 

Cyber criminals pretending to be someone else can trick unsuspecting employees into compromising data. In one scenario, a spoofed email purporting to be from the CEO of the company directs an employee to send a PDF with employees’ 1099 tax forms for an upcoming meeting with the Internal Revenue Service. The social engineer is then able to capture Personally Identifiable Information (PII).

The Spear Phisher

#2

Social threats factored into just under one-third of confirmed data breaches, with phishing the tactic used in 92 percent of social-related attacks. An email can appear to be from a legitimate sender but actually contain a malicious attachment or link that gives spear phishers access to banking credentials, trade secrets and other information.

The Hacker

#3

Nearly two-thirds of confirmed data breaches involved leveraging weak, default or stolen passwords. Malware poses a serious threat, as it can capture keystrokes from an infected device even if employees use strong passwords with special characters and a combination of upper- and lower-case letters.

The Rogue Employee

#4

Disgruntled employees present an insider threat to data. Insider threats accounted for 15 percent of breaches across all patterns, and they can be especially challenging for companies because employees often have both access to data and knowledge of what is stored and where.

The Ransom Artist

#5

Bad actors have been modifying code and implementing new ransom attack methods, sparking a rise in ransomware to the fifth most common form of malware, up from the 22nd most common in the 2014 Verizon Data Breach Incident Report. Many companies are paying ransom, often via anonymous bitcoin payments, to have their data restored.

What to do?

Practice good IT habits

  • Verify all requests for sensitive, confidential, or protected information and financial information.
  • Verify that the “Reply To” address is, in fact, the email address of the requesting employee.
  • Send sensitive information via an encrypted email message.
  • Beware of time-sensitive requests, as social engineers sometimes use a sense of urgency to compel victims into unsafe behavior.
  • Have comprehensive, multi-phase security in place.
  • Keep systems and software up to date.
  • Provide employee awareness training.
  • Enforce strong password requirements.
  • Restrict access to sensitive data to only employees with an immediate need.
  • Log and monitor internal account usage.
  • Keep all data encrypted.
  • Implement a good data backup process, and perform periodic restores to ensure integrity.
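
One way to automate the “Reply To” and urgency checks from the list above, as an added example that is not part of the original post. The sample messages, the addresses and the urgency term list are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a small, constructed list of urgency phrases; tune it locally.
URGENCY_TERMS = ("urgent", "immediately", "asap", "right away")

def check_message(raw):
    """Return a list of warnings for one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    warnings = []
    # Compare every Reply-To address with the address in the From header.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        addr = addr.lower()
        if addr and addr != from_addr:
            same_domain = addr.rpartition("@")[2] == from_addr.rpartition("@")[2]
            kind = "mailbox" if same_domain else "domain"
            warnings.append(f"reply-to {kind} mismatch: {addr} != {from_addr}")
    # Flag time-pressure wording in the subject and body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [term for term in URGENCY_TERMS if term in text]
    if hits:
        warnings.append("urgency language: " + ", ".join(hits))
    return warnings

# Constructed sample modelled on the CEO 1099 scenario described above.
SPOOFED = """\
From: "Pat Example (CEO)" <ceo@example.com>
Reply-To: ceo@example-mail.test
To: payroll@example.com
Subject: Urgent: 1099 forms

I need the employee 1099 PDF immediately for the IRS meeting.
"""

# Constructed sample of an ordinary internal message.
ROUTINE = """\
From: hr@example.com
To: staff@example.com
Subject: Benefits enrollment reminder

Open enrollment closes next Friday.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("routine", ROUTINE)):
        print(name, check_message(raw))
```

A matching “Reply To” does not prove the From header itself is genuine, so this check supplements the manual verification steps rather than replacing them.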

Need Help?

Assess your IT and Cybersecurity maturity

We can do IT and Cybersecurity assessments, help develop or update your security policy and develop a customized plan to secure your environment.
