Saudi Crown Prince Mohammed bin Salman reportedly hacked Amazon CEO Jeff Bezos' phone in 2018, an infiltration that is said to have resulted in large amounts of data being covertly stolen from the tech executive's phone over the course of months.
The incident was revealed in a forensic investigation conducted by FTI Consulting that was first reported by The Guardian earlier this week. The United Nations has since called on the United States and other relevant authorities to conduct an investigation. The Saudi government denied the allegations against it and called them "absurd."
Bezos was fooled by a targeted attack.
These spear-phishing attacks are more enticing as they are targeted to the interests of the target.
We can all agree Mr. Jeff Bezos is likely as intelligent as you get and as knowledgeable about tech and cybersecurity.
How does the average worker compare?
Imagine if the methods used on Bezos became more widespread.
Sadly, they are.
As we mentioned earlier today, hacking is getting more sophisticated because marketing automation is being employed by hackers to spread malware in a more targeted fashion.
This means, over time, hacks are getting better and if users do not keep up with training, they are less well-armed to defend against attacks against your organization.
The costs to deal with a breach can be hundreds of thousands to millions depending on ensuing customer loss, fines, increases in cyber insurance premiums and internal information being leaked on the internet.
Could the Bezos attack have been prevented?
Possibly. If you want to stay secure, follow these three steps to start:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phish360 is great and costs nothing to get started. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined