The micro-blogging website Twitter is looking at introducing a two-step authentication process after a serious of high-profile hacking incidents. A two-step authentication is by no means foolproof but it does involve an extra step that may help eliminate all but the most dedicated hackers. Typically the process requires a user to first log into the required service, they then must enter a password, following this a verification code is sent by text message or app messaging, this is then used to log in.
For cyber criminals regular users are far less an attractive target than businesses.
Just last week hackers used the Associated Press twitter account to tweet about an attack on the White House and President Barack Obama, as a result the stock market took a dive. For Twitter the sooner the two step authentication service launches, the better. If these large organizations with substantial IT budgets can be hacked, it’s fair to say that regular users can, too. For cyber criminals regular users are far less an attractive target than businesses.
According to a news report by Wired.com, Twitter is in the process of testing this two-step security solution and will be looking to offer this to users shortly. Social networks are just one of the entry points cybercriminals use to attack your organisation. For criminals planning advanced phishing attacks social networks provide valuable information that allows their schemes additional credibility and therefore greater chance of success. It’s a catch 22 - as social networking brands gain popularity and become more engrained in our culture they also become more valuable to cybercriminals looking for ways to disguise their attacks.
The more information available publicly to cybercriminals, the greater chance of a successful phishing attack.
Global phishing attacks increased by 19pc during the last half of 2012 and the popularity of social networks has undoubtedly helped cyber-criminals steal more information. Phishing is a confidence trick, with the deception happening online. Beyond the obvious leaks of confidential or sensitive data, the fear of employees revealing too much on public social networking sites carries another danger as cybercriminals use this information to conduct highly targeted spear phishing attacks. Having conducted research about an organization, the phishers then create their targets campaigns - the more information available publicly the easier their job will be.
Businesses have to be extremely careful about what information is posted online. One risk is that employees would accidentally post sensitive or confidential information for the public to see. Companies are increasingly being targeted by sophisticated spear phishing attacks that trick employees into downloading malware or surrendering sensitive data, often unknowingly. The fact is that many businesses are helping criminals succeed by not implementing adequate security as well as failing to ensure employees are aware of the risks that exist and not enabling them to identify and manage these risks.