What is the most common hack?
It's hard to point to a single most common hack, but there are several common mistakes that happen frequently:
- Weak, or re-used passwords
- Unpatched or outdated software
- Misconfigurations
These are not hacks themselves, but they are the underlying vulnerabilities that enable a lot of the most common attacks.
Even in the modern Cloud Native world, the nuts-and-bolts of good security practices like multi-factor authentication, patch management and configuration are as important as ever.
Do people underestimate the dangers of social media security?
Yes.
In particular, a lot of people think: "I'm nobody special, so no one has any reason to target me." But just like real-world criminals, cyber criminals are often looking for easy opportunities and not just high-value victims. You can still be targeted by an attacker who is just hoping to catch you off-guard so that they can convince you to send them gift cards, a password, banking information, etc.
It's also easy to lose track of how seemingly innocuous pieces of data that we leave on social media can be cobbled together to learn surprising amounts of detail about us. A few years ago my colleagues on the IBM Security Ethical Hacking Team did a research project (with express permission from our "victim") where they showed how they could discover a shocking amount of detail about the victim, knowing only their name and their employer's name.
That's not to say that everyone should panic and delete all of their social media accounts immediately. But we should all be thoughtful about how much we share, who might be able to see it, and what sort of mischief can be done with that information.
In the enterprise we do "threat modeling" where we try to imagine how a product or service could be attacked and plan ways to mitigate those attacks. We can do similar exercises in our personal online lives. Ask: "How might someone attack me?" and then for any attacks that seem realistic, ask "How can I protect myself from that attack?"
An example that probably applies to a lot of us:
Someone trying to access your bank account.
You can help protect yourself by:
- Using a strong password (and keeping it in a password manager) that is not reused anywhere else
- Enabling multi-factor authentication
- Having a plan if someone claiming to be from the bank contacts you (do not share any information; hang up and call the bank directly using the number on the bank card or bank website; do not click any links in emails)
- Avoiding sharing information about your bank online. Even something innocuous like "I have banked with Big National Bank since 1993 and they're great!"
Because everyone has unique concerns, there is no one-size-fits-all approach. But with a little bit of care and advanced planning we can all have a more realistic understanding of the dangers presented by social media, and how we can reasonably protect ourselves while still being able to participate.
------------------------------
Troy Fisher
OSCP
Ethical Hacker
IBM Security
------------------------------
Original Message:
Sent: Tue May 10, 2022 04:48 PM
From: Wendy Batten
Subject: 🌟 IBM Champions Think Ask-me-anything (AMA)
We have an ethical hacker as part of our Champions Roundtable tomorrow. Can you share some insight on the following?
What is the most common hack?
Do people underestimate the dangers of social media security?
------------------------------
Wendy Batten
Community Manager
IBM Security
Cambridge MA
wjbatten@us.ibm.com
Original Message:
Sent: Fri May 06, 2022 05:15 PM
From: Doug Moran
Subject: 🌟 IBM Champions Think Ask-me-anything (AMA)
Our IBM Champions are here to answer your questions! Ask them about any of the topics that were covered today during the day's event:
Day 1
- Leading in a changing world
- Modernize business with hybrid cloud
- Putting sustainability strategy into action
Day 2
- Rethink business and IT operations with AI and automation
- Prepare for next-wave cybersecurity threats
- Future of computing
Our experts will hop on the Community Front Porch discussion forum on May 10 and May 11 at 4:30pm Eastern/1:30pm Pacific and start answering your questions right here in this thread. You can also join the preceding Champions Roundtable (Day 1 info; Day 2 info), or Think Broadcast (on our Community Front Porch from 10am-12 noon Eastern/7am-9am Pacific, May 10 & 11).
This AMA event will take place entirely in the discussion forum, so there is no meeting to join. If you can't be online during the hour, don't worry; you can post your questions in advance and read the responses later.
------------------------------
Douglas (Doug) Moran
IBM Software
Community Leader for Cloud Pak for Data & Hybrid Data Management
Information Architect, Content Designer
Community Video Coordinator
Blogging Program Manager
------------------------------