What is the most common way to get hacked?

In the era of BYOD, the less technical among us are prime targets for cybercrime attacks against your company. Learn the six top ways non-tech people get hacked.


Non-technical people are favorite targets for malicious hackers, from data dealing crime rings to targeted corporate espionage attacks.

As we've seen in far too many recent instances where difficult, large targets have been infiltrated and bled from within over a period of time, sometimes all it takes is one person clicking the wrong thing at the right time.

Oftentimes, these fateful entry points are created by people who have no idea what's going on; non-technical employees (or even executives) who serve as an unwitting vector for exploitation.

You can't make every employee tech-proficient, and that's troubling in an era where attacks are constant, and enterprise security endures some profound cloud, infosec hiring, and BYOD growing pains.

What you can do is learn the top ways malicious attackers exploit your weakest links, as described on each of the following pages.


See also:

  • FBI Director: Mobile encryption could lead us to 'very dark place'
  • Average company now compromised every four days, with no end to the cybercrime wave in sight
  • When POODLEs attack, IPS and NGFW are your first defense
  • Snapchat warns users against third-party apps after image leak


Banking and retail break-ins

Target, JP Morgan Chase, Verizon, Home Depot... the list goes on. The Identity Theft Research Center's 2014 report summary of data breaches paints a disturbing picture of 2014 to date -- as of October, there have been 606 known and reported major breaches and 77,577,208 records stolen.

The Banking, Credit and Financial sector has seen 24 breaches so far, with 1,172,320 records compromised; Business is at a stunning 211 breaches with 64,407,359 records stolen; Medical/Healthcare has also been hit hard this year with 259 successful hacks and 7,151,542 records pilfered. 

As we remember from the RAND report on the hacker's black market, these records get used in many ways. As well as identity theft, the records get compiled into databases used for spear-phishing and other targeted attacks... and the cycle begins again.


Third party app compromise

If Chris Dixon's 'Decline of the mobile web' numbers are on the money, the lion's share of internet access is now mobile and in 2013, 80% of the time spent online on mobile devices was through apps.

Access to online content for mobile users is primarily through just two companies: Apple iTunes apps and Google's Chrome Store apps. For phone and tablet users, the internet as we once knew it is being gradually replaced by mobile apps.

Ask most Android users what malware is, and you'd likely get a blank stare -- despite the fact that 97% of mobile malware and trojans are on Android. F-Secure's Mobile Threat Report Q1 2014 was a bucket of cold water in terms of just how pervasive attacks on typical users are, and how they can spread through apps into businesses.

Add that to hacks like Snapchat's repeat performances and it's no surprise that app users are getting hacked like there's no tomorrow.

What's worse, mounting evidence shows that app makers haven't put user security first. Because even the most negligent apps -- repeat offenders like Snapchat -- aren't being brought to heel, it's only a growing attack vector for the non-technical victim (who might otherwise take operational security precautions).


Phishing, phishing and phishing

Phishing is an incredibly popular attack -- because it works. Today's typical phishing attack is an email or text message disguised to look familiar, fooling the unwitting into clicking on a link or downloading an attachment or image.

The URLs within the message may look correct, or almost-correct, or may look right but go to a redirect page; either way the links lead to infected web pages. Sometimes the pages are hosted on the actual site's server, with the host having been compromised long ago.

One attack uses popular trends, emailing front-page news headlines as if from a friend or a newsletter. Another angle is an email that looks like it comes from a friend or a fellow employee, with a foul link, or a malicious attachment. 

The bottom line is, if you're not expecting it, be suspicious. If you get an official looking email from a bank, or any other business that handles your sensitive information, go directly to the website: Don't click links in emails -- or texts.
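For mail administrators, the three link patterns described above (text that looks right but points elsewhere, an almost-correct domain, and a correct host that redirects off-site) can be flagged automatically. The following is an added example, not part of the original article; the domains, the sample message, the two-label `base()` shortcut and the 0.85 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

TRUSTED = {"mybank.example"}  # assumption: domains the organisation really uses
SAMPLE = (  # constructed message body, reserved .example/.test names only
    '<a href="https://www.mybank.example/login">www.mybank.example</a>'
    '<a href="http://login.unrelated.test/verify">https://www.mybank.example/login</a>'
    '<a href="https://www.mybamk.example/login">Sign in</a>'
    '<a href="https://www.mybank.example/out?next=http://files.unrelated.test/a">Statement</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base(url):
    # Last two host labels; naive stand-in for a Public Suffix List lookup.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def audit(html):
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        flags, dom = [], base(href)
        shown = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+", text)
        if shown and base(shown.group(0)) != dom:
            flags.append("text-host-mismatch")   # looks right, goes elsewhere
        if dom not in TRUSTED and any(
                SequenceMatcher(None, dom, t).ratio() >= 0.85 for t in TRUSTED):
            flags.append("lookalike-domain")     # almost-correct spelling
        if any(v.startswith("http") and base(v) != dom
               for _, v in parse_qsl(urlsplit(href).query)):
            flags.append("redirect-parameter")   # right host, forwards off-site
        report.append((href, flags))
    return report
```

`audit(SAMPLE)` returns one `(href, flags)` pair per link; only the first link in the constructed message comes back with an empty flag list.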


Social engineering


Bad password practices


Malvertisements

What do hackers hack most?

The biggest motivation is often financial gain. Hackers can make money by stealing your passwords, accessing your bank or credit card details, holding your information to ransom, or selling your data to other hackers or on the dark web.

Can I tell if I have been hacked?

Some of the warning signs that you've been hacked include: You receive emails or text messages about login attempts, password resets, or two-factor authentication (2FA) codes that you didn't request. You see logins from devices and locations you don't recognize in your account activity or sign-in logs.