Besides malware, cybercriminals continually develop other methods to execute successful cyberattacks. Through social engineering, attackers attempt to gain access to an IT system by systematically collecting publicly available data and information about their victims and processing the accumulated details to deduce possible access credentials. Attackers often rely on publicly available sources such as social networks. The German Federal Office for Information Security identifies the "human factor" as a vulnerability exploited by attackers using social engineering. Another popular attack method is phoning victims or related third parties and impersonating IT support personnel to gather information or gain remote access to the target computer.
Another approach to obtaining access credentials is the brute force attack. Put simply, attackers attempt to guess the access credentials of a secured IT system by testing countless alphanumeric-character combinations at random. If the attackers acquire passwords for an IT system, they use the same methods to guess usernames (reverse brute force attack). These attacks often rely on powerful computers running software to quickly generate and test an immense number of access credential combinations.
To prevent brute force attacks, use strong and unique passwords for your accounts. The strongest passwords include numbers, special characters, and both uppercase and lowercase letters. Additionally, passwords should have a minimum length; we recommend 12–16 characters. You should limit the number of unsuccessful attempts to input a password before an account is automatically locked, as this drastically reduces the likelihood of a successful brute force attack. Two-factor or multi-factor authentication provides additional protection, securing your accounts even if criminals discover your passwords. Regular password changes and software updates are also essential prerequisites for optimal cybersecurity.
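A per-account lockout stops a classic brute force attack, but in a reverse brute force attack each account sees only one or two wrong guesses, so the failures also have to be counted per source. The following Python code is an added example, not part of the original article, that applies both counts to a list of login events. The thresholds, the event format and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 5          # assumed lockout threshold per account
WINDOW_SECONDS = 900      # assumed window in which failures are counted
MAX_USERS_PER_SOURCE = 4  # assumed: distinct accounts one source may fail against

# Constructed sample events: (unix_time, source_ip, username, success)
SAMPLE_EVENTS = (
    [(1000 + i * 10, "198.51.100.7", "alice", False) for i in range(6)]
    + [(2000 + i * 5, "203.0.113.9", f"user{i}", False) for i in range(6)]
    + [(3000, "192.0.2.4", "bob", False), (3010, "192.0.2.4", "bob", True)]
)

def analyse(events):
    """Return (locked_accounts, flagged_sources) for a list of login events."""
    failures = defaultdict(list)    # username -> timestamps of recent failures
    per_source = defaultdict(dict)  # source -> {username: last failure time}
    locked, flagged = set(), set()
    for ts, source, user, success in sorted(events):
        if user in locked:
            continue                # a locked account rejects every attempt
        if success:
            failures.pop(user, None)  # a successful login resets the counter
            continue
        # Classic brute force: many failures against one account.
        recent = [t for t in failures[user] if ts - t < WINDOW_SECONDS] + [ts]
        failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            locked.add(user)
        # Reverse brute force: one source failing against many accounts.
        seen = per_source[source]
        seen[user] = ts
        active = [u for u, t in seen.items() if ts - t < WINDOW_SECONDS]
        if len(active) > MAX_USERS_PER_SOURCE:
            flagged.add(source)
    return locked, flagged

if __name__ == "__main__":
    locked, flagged = analyse(SAMPLE_EVENTS)
    print("locked accounts:", sorted(locked))
    print("sources to review:", sorted(flagged))
```

In the sample data the second source never triggers a lockout on any single account, which is why the per-source count is needed alongside the per-account one.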
Be aware that social engineering and cyberattacks are often orchestrated by professional entities with expertise and precise knowledge of how to successfully execute their criminal activities. When you receive calls or inquiries from unknown parties, exercise utmost caution: prevention is better than cure. When dealing with unfamiliar or suspicious contacts, conduct thorough identity checks and verify with the contact person’s employer to confirm the existence of a legitimate assignment. Being asked to disclose sensitive information should trigger alarm bells. Do not open email links or disclose your login credentials if prompted via email. Under no circumstances open attachments from unknown senders.
Educate your employees about all the risks, as most successful cyberattacks are enabled by humans. Attack prevention is key to your cybersecurity – nothing happens until something happens.