OUR CREW
Normally, this is where you would see smiling faces, names, and email addresses for the members of our IntelliSystems family. We would have links to pages that shared information about our leadership and employees. The pages would also include fun facts, hobbies, and interests, so that you could see we are friendly and real people just like you.
Here’s why we no longer publish such pages, and why your business shouldn’t do it either.
Listing detailed information about your team gives attackers information that they shouldn’t have. This is information that will help them to build effective social engineering attacks on your employees, families, clients, vendors, etc…
Cyber-crime is one of the fastest growing “industries” in the world, with the potential for huge payoffs for its practitioners.
Cyber criminals know that if they can breach the defenses of an organization, they have a variety of tools at their disposal that can be used to generate tons of cash. Malicious tools can be used for ransom, extortion, blackmail, resource theft and more.
For a criminal, a successful compromise of even a small organization can result in the theft of thousands or tens of thousands of dollars. The possibility for monetary gains can provide an attacker with powerful motivation to spend whatever time is necessary to learn everything there is to know about a potential target.
In addition to the above-mentioned cash losses, email hijacking can result in reputational damage and legal liability with vendors and customers. A single user compromised from a single email can facilitate a means of explosive expansion, which leads to additional businesses and individuals also becoming compromised. When emails are received from seemingly trusted email accounts, it’s easy to trick individuals into unwittingly performing criminal activities.
Cybercrime is no longer the domain of the kid in the basement - this is big business.
Successful attacks against all kinds of organizations happen all the time. You don’t often hear about them because companies aren’t exactly proud to share that they have been successfully victimized. In some cases, companies are required by law, regulation, or contract to disclose breaches, but disclosure often doesn’t occur unless it is unavoidable.
In addition to having a comprehensive stack of technical security controls, companies must now start controlling how much information they give away to their adversaries on the public internet. Knowing all about the “cast of characters” at an organization makes an attacker’s job MUCH easier. While we regret the demise of the humanizing element of the traditional “About Us” page, the cost of giving that information away to appear friendly and down-to-earth is simply too high.