In honor of October being National Cyber Security Awareness Month, we ask you to consider this scenario:
How Cyber-Criminals are Stealing Direct Deposit Information
Bob is in a hurry, running from meeting to meeting, and one day he receives an email from his organization’s “PeopleSoft Admin” claiming his password is expiring. What does Bob do? Well, given that he checks his paystubs every two weeks, just adjusted his medical benefits, and made a revision to his W-4, he “confirms” his old password (to create a new one) so he doesn’t run the risk of getting locked out of his account. Bob has now become the latest spear-phishing victim.
Sadly, the email from the “PeopleSoft Admin” was actually sent by a cyber-criminal using a targeted phishing email to dupe Bob into surrendering his PeopleSoft credentials. Now that our cyber-criminal has Bob’s information, they immediately log into Bob’s payroll account, change his direct deposit destination, and wait until payday. Once payday arrives, they receive Bob’s direct deposit, log back in to Bob’s account, change Bob’s direct deposit information back (essentially erasing their tracks), and leave Bob to wonder why his paycheck has not been deposited. Bob has no choice but to call HR so they can begin the painstaking forensic process of unraveling the mystery of Bob’s disappearing paycheck.
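The scenario above has two detectable traits: a direct deposit account that is changed and then set back to its previous value a payday later, and a change made minutes after a login from a source address the user has never used. The following Python is an added example written for this post, not GreyHeller’s or Oracle’s code; the audit-event schema, the sample events and the baseline of known IPs are all constructed here for illustration and do not correspond to PeopleSoft’s actual tables.

```python
"""Detect the direct-deposit change-and-revert pattern in a payroll audit trail."""
from datetime import datetime, timedelta

# Constructed sample audit trail using a hypothetical schema, not PeopleSoft's own tables.
# Each row: (timestamp, user, event kind, details). LOGIN carries the source IP;
# DD_CHANGE carries the account before and after the change.
SAMPLE_EVENTS = [
    (datetime(2017, 10, 2, 9, 0),    "bob",   "LOGIN",     {"ip": "10.1.2.3"}),
    (datetime(2017, 10, 5, 10, 0),   "alice", "LOGIN",     {"ip": "10.1.2.7"}),
    (datetime(2017, 10, 5, 10, 2),   "alice", "DD_CHANGE", {"old": "ACCT-2222", "new": "ACCT-3333"}),
    (datetime(2017, 10, 10, 23, 15), "bob",   "LOGIN",     {"ip": "203.0.113.45"}),
    (datetime(2017, 10, 10, 23, 17), "bob",   "DD_CHANGE", {"old": "ACCT-1111", "new": "ACCT-9999"}),
    (datetime(2017, 10, 16, 2, 0),   "bob",   "LOGIN",     {"ip": "203.0.113.45"}),
    (datetime(2017, 10, 16, 2, 3),   "bob",   "DD_CHANGE", {"old": "ACCT-9999", "new": "ACCT-1111"}),
]

# Constructed baseline: source IPs each user had logged in from before this window.
# Without a baseline every first login would look "new" (the cold-start problem).
KNOWN_IPS = {"bob": {"10.1.2.3"}, "alice": {"10.1.2.7"}}


def flag_change_then_revert(events, window=timedelta(days=30)):
    """Flag users whose direct-deposit account was changed and later set back to the
    account it replaced, within `window`. Returns (user, change_ts, revert_ts) tuples.
    A legitimate one-off change (Alice) never reverts and is not flagged."""
    pending = {}  # user -> (timestamp of last change, account before that change)
    hits = []
    for ts, user, kind, d in sorted(events, key=lambda e: e[0]):
        if kind != "DD_CHANGE":
            continue
        prev = pending.get(user)
        if prev and d["new"] == prev[1] and ts - prev[0] <= window:
            hits.append((user, prev[0], ts))
            pending.pop(user)
        else:
            # Any other change becomes the new candidate; an older one is superseded.
            pending[user] = (ts, d["old"])
    return hits


def flag_change_after_new_ip_login(events, known_ips, max_gap=timedelta(minutes=30)):
    """Flag direct-deposit changes made within `max_gap` of a login from a source IP
    the user has never been seen on. Returns (user, change_ts, ip) tuples."""
    seen = {u: set(ips) for u, ips in known_ips.items()}
    last_login = {}  # user -> (login timestamp, ip, ip was previously unseen)
    hits = []
    for ts, user, kind, d in sorted(events, key=lambda e: e[0]):
        if kind == "LOGIN":
            ips = seen.setdefault(user, set())
            last_login[user] = (ts, d["ip"], d["ip"] not in ips)
            ips.add(d["ip"])  # the address is now known for this user
        elif kind == "DD_CHANGE" and user in last_login:
            login_ts, ip, was_new = last_login[user]
            if was_new and ts - login_ts <= max_gap:
                hits.append((user, ts, ip))
    return hits


if __name__ == "__main__":
    for user, changed, reverted in flag_change_then_revert(SAMPLE_EVENTS):
        print(f"{user}: direct deposit changed {changed} and reverted {reverted}")
    for user, ts, ip in flag_change_after_new_ip_login(SAMPLE_EVENTS, KNOWN_IPS):
        print(f"{user}: direct deposit changed at {ts} right after first login from {ip}")
```

Run against the constructed trail, both rules single out Bob’s change on October 10 and ignore Alice’s ordinary update. In practice the change-then-revert rule only fires after the money is gone, so it belongs in the post-incident review; the new-IP rule can fire in time to hold the change for HR confirmation before the next payroll run.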
Data Breaches on the Rise
According to Verizon’s 2017 Data Breach Investigations Report, “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” Rather than breaking in through the door or windows, the intruders are stealing keys and guessing the passwords of your users – and erasing their tracks as they leave with your data. Organizations are foolish to think that focusing their resources solely on powerful firewalls will keep their data safe. With 81% of hacking-related breaches using valid passwords, the challenge is protecting your belongings when the robber is already in your house.
Phishing and spear-phishing tactics often play a significant role in these malicious acts. Asking users to “reset” or “verify” their passwords with authentic-looking emails has proven to be a successful means of obtaining credentials. The sophistication of phishing and spear-phishing emails is rising daily, and given the pervasive use of mobile devices for accessing ERP applications, cyber criminals know that mobile users can often be the most vulnerable. In addition, with PeopleSoft users’ continued adoption of Fluid pages (seeking an optimized mobile UI), the problem will only get worse.
2017 has been an especially challenging year for IT security professionals. Consider these findings from Gemalto’s First Half of 2017 Breach Level Index Report:
- Nearly 2 Billion – Records Breached in First Half of 2017
- 918 – Number of Breach Incidents in First Half of 2017
- 164% – % increase of compromised records in first half of 2017, compared to the last half of 2016
The most vulnerable industries? Healthcare (25% of breaches), Financial Services (14% of breaches), and Higher Education (13% of breaches). The Higher Education industry being so susceptible to breaches may come as a surprise, but it shouldn’t when you consider that the vast majority of its users (students) have (according to Gemalto’s report) “[a mix of] varying degrees of technical skills and curiosity.”
At GreyHeller, we are constantly speaking to organizations after a destructive security breach has occurred, evaluating the mess created and seeking solutions to ensure the past doesn’t repeat itself. That is why, for National Cyber Security Awareness Month, we encourage you to ask yourself: Is my organization truly prepared if cyber criminals obtain valid user credentials? Are my belongings safe if the robber is already in my house?
We invite you to participate in the following sessions, developed to demonstrate solutions that combat malicious activity from within your PeopleSoft environment and serve to keep your PeopleSoft applications phish-proof!
Thursday October 19th – Demo of GreyHeller’s PeopleSoft Single Sign On solution (SSO via ADFS and Microsoft 365)
Tuesday October 26th – Demo of GreyHeller’s Layered Security Platform – ERP Firewall (solutions for data loss prevention, intrusion prevention, and incident response)