The seventh and final SYN-of-the-week is LUST.
Lust refers to the desire to gain attention or validation online, which can lead individuals to engage in risky behavior that compromise their safety and privacy.
As a first rule of cyber security, organizations protect their perimeters against external attackers. But, what happens when the threat is coming from inside? Insider threats are often overlooked because insiders are “one of us”. But, insider threats are on the rise: https://tinyurl.com/mw2f9ruk
Insider threats come in multiple forms, for example:
– employees motivated to attack the organization,
– employees who bypass security to make work easier and
– employees who unintentionally cause a breach.
But, how does a trusted insider become a threat to an organization? One possibility is via targeted manipulation. Attackers use social engineering techniques to exploit weaknesses they observe in an individual’s online activity. In the quest for recognition, it is easy for individuals to overlook the risks associated with attention-seeking online. Whether it’s the desire for more followers, popularity, or viral content, this lustful pursuit can blind us to the potential online dangers. Attackers profile these individuals, build up trust and then use that trust to gain access to an organization.
Risky behavior online not only endangers organizations, but it is also a danger to the individual. Sharing personal information without caution, engaging with strangers inappropriately, or seeking validation can lead to online harassment, identity theft, stalking or fraud.
What can we do?
The counterbalance to lust is SAVVY.
You can cultivate a successful online persona, but be savvy about it. Exercise caution when sharing personal information online. Be selective about who you interact with, and recognize signs of social engineering. See this great awareness site that covers common fraud and manipulation schemes: https://tinyurl.com/2d8v86wf
Organizations can exercise savvy by understanding how insiders can become threats, assess which types of insider attacks could have the biggest impact to the organization and develop an action plan. Plans often include targeted awareness and controls, both technical and process, that can help manage the risks. This article provides a nice summary of options: https://tinyurl.com/mr3cbxa8
For a great story and an example of a company that has implemented targeted controls to detect internal threats, check out the Dark Net Diaries episode, “Jeremy from Marketing”. https://tinyurl.com/5ecaushf
#BSidesMunich23, #SYNs
Join us at the conference on October 14-15!
Submit a presentation or workshop idea: https://2023.bsidesmunich.org/callforpapers/
Sponsor our conference and our community! https://2023.bsidesmunich.org/sponsors/
Image: https://pixabay.com/de/photos/mögen-liebling-social-media-wort-1804599/