Social engineering attacks are not only becoming more common against enterprises and SMBs, but they're also increasingly sophisticated. With hackers devising ever more clever methods for fooling employees and individuals into handing over valuable company data, enterprises must exercise due diligence to stay two steps ahead of cyber criminals.
Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.
October is National Cyber Security Awareness Month, and in recognition of the initiative, we wanted to educate companies, employees, and end users on how to better recognize social engineering efforts and prevent these attacks from succeeding. To uncover some of the most common social engineering attacks being used against modern enterprises and get tips on how to avoid them, we asked a panel of data security experts and business leaders to answer the following question:
"What are the common social engineering attacks made on companies, and how can they be prevented?"
See what our experts had to say below:
Joe Ferrara is President and CEO of Wombat Security Technologies. Joining Wombat in 2011, Joe brings 20 years of experience in technology marketing, operations, and management to his role as President and CEO. Recently, Joe was a finalist for EY Entrepreneur Of The Year Western Pennsylvania and West Virginia and received a CEO of the Year award from CEO World. Joe has provided expert commentary and has spoken at numerous information security industry events, including RSA Europe, the CISO Executive Network forum, ISSA International, and information security regional conferences.
My advice for companies related to the increasing prevalence of social engineering attacks is...
Commonly defined as the art of exploiting human psychology to gain access to buildings, systems, or data, social engineering is evolving so rapidly that technology solutions, security policies, and operational procedures alone cannot protect critical resources. A recent Check Point-sponsored survey revealed that 43 percent of the IT professionals surveyed said they had been targeted by social engineering schemes. The survey also found that new employees are the most susceptible to attacks, with 60 percent citing recent hires as being at high risk for social engineering.
Companies should promote a people-centric security culture that provides ongoing training to consistently inform employees about the latest security threats. Fighting attacks against the human mind requires behavioral changes more than technology defenses.
Companies should use a combined approach of simulated social engineering attacks coupled with interactive training modules to deliver the best result. Incorporating a continuous training methodology can be the difference between a five-alarm data breach and a quiet night at the office.