Social engineering is the number one cause behind security breaches

Sep 13, 2011 07:56 GMT

The results of a test show that some of the most important companies in Australia are highly vulnerable to cybercriminals, with their security breached almost instantly after the examination began.

According to SC Magazine, the penetration testing firm Securus Global conducted a series of infiltration tests to evaluate the effectiveness of security in a corporate environment.

All sorts of attacks were launched against the companies, including ones designed to test physical protection measures.

The reports show that the biggest flaw is actually the employees, who were tricked every single time by social engineering. Most of them immediately handed over classified information by phone or over the internet once they were convinced that the request came from someone with authority.

This proves that organizations are making mistakes when they invest in state-of-the-art equipment and software instead of spending those funds on the education of staff members.

"When we started this we thought it would take weeks to own them," said Drazen Drazic, director of the testing firm.

"But it took less than a few hours," he added.

Unfortunately, according to the director, their task of obtaining secret information wasn't difficult and they even got to the point of breaching offshore sites.

One of the larger organizations asked to be tested to the maximum limit, to see what it would take to compromise their executive managers, a task completed by Drazic's team in no time.

This should be a wake-up call for businesses all around the world. In most scenarios, the poor security training of the staff is the number one cause of breaches. Most employees are very gullible and will hand over anything requested of them as long as they believe it's for someone with connections to the company.

When it comes to protecting your assets, you can have the best equipment and the best measures in the world, but if you're missing the key element, represented by well-educated employees, you are bound to fail against cyber attacks.