
Lack of data stripping puts firms at risk of cyber-attacks

Email attachments are one of the most common ways for a firm to be hacked into.

By CBR Staff Writer

Large companies are at risk of cyber-attacks because they are not doing enough to strip data from their websites, research suggests.

Data is becoming available on company websites as soon as employees carry out their work and update their webpages by creating new documents and other files.

Using the data, hackers could then specifically target a member of staff through their individual computer, security firm Glasswall outlined in their research report.

The sectors most commonly found to be leaking data were high-profile organisations such as banks, law firms and government departments.


Lewis Henderson, a vice-president at Glasswall, gathered the data by targeting websites for a number of days and taking copies of the files published on different organisations' websites. The files include pictures, spreadsheets and other public documents.

He said: “This was all done from a single IP address and in broad daylight.”


Glasswall research finds companies aren’t protecting their data enough from cyber-attacks

The vice-president reported that the majority of the files he took from the websites contained metadata, which revealed important information about employees. In one case, a file that had internal-use identification attached allowed Mr Henderson to source a guide to a login procedure for a law firm's office.

A statement by Mr Henderson said: “We did what a malicious actor would do, which is intelligence gathering on a large scale.”

Glasswall’s research reported one of the easiest ways in for hackers is through email attachments. The research outlined that 94% of cyber-attacks are carried out through illegitimate attachments that pose as trustworthy.

It takes one click to open an email that has malicious code buried within it. Once activated, the code triggers a malware download that immediately steals a business's most important data or holds it as a threat, something many companies have witnessed over the last few months.


The research found that cyber-attacks were so easily carried out because the attachments looked legitimate. It found that 40% of attachments were invoices, which employees don't expect to be suspicious and so open, whilst 27% were presentations.

Once inside the system, hackers can retrieve information from files uploaded to the firm's websites. Personal IDs, usernames, employee information and software versions for internal computers could all be retrieved at the click of a button.

Following the collection of data, Mr Henderson said a hacker would then take to social media. With the information they have, the use of Facebook and LinkedIn could easily allow them to track the information to a real person.
