{"id":116699,"date":"2022-09-14T08:00:00","date_gmt":"2022-09-14T06:00:00","guid":{"rendered":"http:\/\/e3mag.com\/?p=116699"},"modified":"2024-01-19T12:58:19","modified_gmt":"2024-01-19T11:58:19","slug":"spear-phishing-vulnerability-human","status":"publish","type":"post","link":"https:\/\/e3mag.com\/en\/spear-phishing-vulnerability-human\/","title":{"rendered":"Human vulnerability in the hacker's sights"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Security Spear-Phishing Threatens SAP Security<\/h2>\n\n\n\n<p>SAP data is among the most coveted objects of cybercriminals. The theft of sales and personal customer data, intellectual property and financial data, which provide leverage for insider trading, collusion and fraud, appears to be particularly rewarding. No wonder, then, that attackers are coming up with increasingly sophisticated methods to gain access to business-critical SAP systems. In addition to technical security gaps, the human vulnerability is increasingly being targeted. To exploit this, the fraudsters send SAP users deceptively genuine-looking spear phishing emails, ostensibly in the name of superiors, employees or colleagues. They have meticulously researched the necessary company and employee information in social media and other Internet sources beforehand. <\/p>\n\n\n\n<p>In these phishing e-mails, the attackers pack plausible-looking prompts to entice their potential victims to divulge highly sensitive data. To ensure that recipients open the incoming mails without thinking and follow the instructions, the fraudsters rely on tried-and-tested psychological tricks. 
Among the most common emotional influencers are: Belief in authority (the hackers pose as a member of management and demand that the employee hand over financial data in order to gain an overview of business developments), time pressure, fear and curiosity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security Awareness Training<\/h3>\n\n\n\n<p>Many companies have now recognized the threat 
that spear phishing attacks pose to their SAP security. As a result, SAP customers are also showing increased demand for security awareness training to arm employees against phishing attacks. However, the classic offerings are not sufficient for this. Since the training courses focus on imparting theoretical knowledge within the framework of classroom training, e-learning and webinars, only the rational decision-making ability of the participants is improved.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"242\" src=\"https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800.jpg\" alt=\"\" class=\"wp-image-116700\" srcset=\"https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800.jpg 800w, https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800-768x232.jpg 768w, https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800-100x30.jpg 100w, https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800-480x145.jpg 480w, https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800-640x194.jpg 640w, https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/HR-Korrelation-ESI-zu-Vorfallquote_800-720x218.jpg 720w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption class=\"wp-element-caption\"><em>The Employee Security Index (ESI) provides a method for measuring awareness. The higher the ESI and awareness, the lower the likelihood of incidents. Source: IT Seal.<\/em><\/figcaption><\/figure>\n\n\n\n<p>Spear phishing attacks, on the other hand, target the quick, intuitive decisions of email recipients. Therefore, awareness training should be supplemented with spear phishing simulations that use real company and employee information to recreate authentic attacks. 
But instead of being hooked by the scammers, employees land directly on an interactive explanation page. Here, they are shown step by step how they could have recognized the fake e-mails: for example, by transposed letters in the address line, deviating URLs or subdomains.<\/p>\n\n\n\n<p>Phishing simulations are particularly effective because they take advantage of an employee's \"most teachable moment\" and make him aware of his misconduct directly during the attack. This \"shock effect\" ensures that he will be more careful with incoming emails in the future. To ensure that the learning effect continues, spear phishing simulations should be repeated and updated regularly. To prevent employees from feeling that they are being controlled or even tricked, companies should communicate planned phishing simulations in good time.<\/p>\n\n\n\n<p>It is also important to align training with the individual learning needs of employees and to document learning progress. The Employee Security Index (ESI) provides a realistic and reproducible method for measuring awareness. The ESI provides tangible and reliable metrics on employee security behavior in phishing simulations of varying difficulty. This enables a company to communicate the learning progress of its workforce and define a common goal toward which IT security officers, management and employees all pull in the same direction.<\/p>","protected":false},"excerpt":{"rendered":"<p>Not only technical vulnerabilities can massively impair SAP security - human error is also part of it. 
Why SAP users should be specifically prepared for possible spear phishing attacks.<\/p>","protected":false},"author":2596,"featured_media":116701,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"pmpro_default_level":"","footnotes":""},"categories":[40957],"tags":[637,40960],"coauthors":[41006],"class_list":["post-116699","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mag-22-07","tag-hacker","tag-mag-22-07","pmpro-has-access"],"acf":[],"featured_image_urls_v2":{"full":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"thumbnail":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-150x150.jpg",150,150,true],"medium":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",400,180,false],"medium_large":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-768x346.jpg",768,346,true],"large":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"image-100":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-100x45.jpg",100,45,true],"image-480":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-480x216.jpg",480,216,true],"image-640":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-640x288.jpg",640,288,true],"image-720":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-720x324.jpg",720,324,true],"image-960":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-960x432.jpg",960,432,true],"image-1168":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"image-1440":["h
ttps:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"image-1920":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"1536x1536":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"2048x2048":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"trp-custom-language-flag":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",18,8,false],"bricks_large_16x9":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"bricks_large":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"bricks_large_square":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",1000,450,false],"bricks_medium":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",600,270,false],"bricks_medium_square":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo.jpg",600,270,false],"profile_24":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-24x24.jpg",24,24,true],"profile_48":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-48x48.jpg",48,48,true],"profile_96":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-96x96.jpg",96,96,true],"profile_150":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-150x150.jpg",150,150,true],"profile_300":["https:\/\/e3mag.com\/wp-content\/uploads\/2022\/08\/shutterstock-2072153111-Diki-Prayogo-300x300.jpg",300,300,true]},"post_excerpt_stackable_v2":"<p>Not only technical vulnerabilities can 
massively impair SAP security - human error is also part of it. Why SAP users should be specifically prepared for possible spear phishing attacks.<\/p>\n","category_list_v2":"<a href=\"https:\/\/e3mag.com\/en\/category\/mag-22-07\/\" rel=\"category tag\">Mag 22-07<\/a>","author_info_v2":{"name":"David Kelm, IT Seal","url":"https:\/\/e3mag.com\/en\/author\/david-kelm\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts\/116699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/users\/2596"}],"replies":[{"embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/comments?post=116699"}],"version-history":[{"count":1,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts\/116699\/revisions"}],"predecessor-version":[{"id":137704,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/posts\/116699\/revisions\/137704"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/media\/116701"}],"wp:attachment":[{"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/media?parent=116699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/categories?post=116699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/tags?post=116699"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/e3mag.com\/en\/wp-json\/wp\/v2\/coauthors?post=116699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}