Cybercriminals no longer see your organization as just their next target; they see the organization as a valuable source of intel and the launch point for their next attack.
In business today, when you have one good client, you use them to help refer you to the next one, right? That’s exactly what the bad guys are doing – thinking like a business and taking advantage of their “customers” – you.
It’s called Island Hopping – the process of leveraging one compromised organization to gain entry into another. According to security vendor Carbon Black’s Global Incident Response Threat Report, island hopping now occurs in half of all attacks.
Island hopping generally starts with smaller, more vulnerable organizations that work with larger ones. The infamous Target breach is a perfect example, as it began by compromising Target’s HVAC vendor. In today’s attacks, island hopping generally takes the form of using compromised email accounts either to spread malware to, or to defraud, a vendor, contractor, or part of a supply chain.
But to take advantage of island hopping, cybercriminals first need to use traditional attacks to gain initial entry into your organization. This can be via phishing and social engineering attacks, and… yep, you guessed it – island hopping from one of the organizations you do business with!
Users need to be trained to be on the lookout for questionable emails – even from known entities and persons. Just because the email says it’s from someone you know doesn’t mean it is. Putting continual Security Awareness Training in place can elevate users’ attentiveness to possible email scams intent on compromising your network and making you work for the bad guys.