According to research from NordVPN, more than one billion people were affected by the loss of personal data through 13 data breaches at 11 different companies.
2019 will be no different; cybercriminals are taking no prisoners, and they’re ambitious enough to go after some of the biggest global companies (arguably with more security resources at their disposal) to get what they want – your data.
But you don’t have to be a Facebook or a Google to be on a cybercriminal’s target list.
We feel the results of our experiment offer crucial insight for any business of any sector currently fighting the ongoing cyber battle.
The last pentest by our SensePost redteam proceeded from the assumption that the attacker had already breached the perimeter and secured a ‘beachhead’ on a machine within our private network.
Having ‘secured a beachhead’, the modus operandi for our SensePost team was to run a horizontal brute force attack, using employee information gleaned from open source technology, such as LinkedIn, to build a credible list of ActiveDirectory user IDs.