Why you need to take IT Social Engineering more Seriously
Many hardware and software vendors have taken steps to address security in their products to combat the growing rise of cyber-crime. There are many solutions on the market today that IT can deploy to minimize risk.
Even if you have the best hardware and software security platforms implemented at your organization, breaches may still occur if staff training towards security is neglected.
Social Engineering has become both an art and a science in how to manipulate people into giving up confidential information. Utilizing social engineering methods to obtain information such as passwords are typically easier than to hacking. As mentioned earlier, as hardware and software advances improve security, expect a rise in social engineering attacks.
Hackers have stepped up their game and attacks are more sophisticated. Phishing emails are targeted to organizations rather than a mass spam email campaign.
C level executives are now targets. Criminals “spoof” and impersonate a target’s email address and send wire transfer instructions to subordinates. Business Email Compromise or CEO Fraud is the name of this scam. The FBI reported that 1.2 billion has been stolen worldwide due to this scam last year. I even received an email last week from someone impersonating the president of a logistics company.
The key takeaway here is that this scam is working and training staff to identify these threats is now necessary. Here is a link to a story of a CEO Fraud attack that almost worked and how training prevented it.
LinkedIN is another resource where business professionals are targeted. Fake recruiters have been able to gather information not only on the target, but also mapping out their connections as well. A fake recruiter once reached out to me and because this individual was already connected to two of my trusted colleagues, I did not question his legitimacy. Luckily all he got was my resume. Extra vigilance is now required when accepting connection requests, otherwise we run the risk not only to ourselves, but to our connections as well.
What Actions to Take:
- Conduct staff training regarding current security policies and social awareness training
- Be extra vigilant regarding connections and communications on social media sites
- Review security policies and action plans at least once per quarter
- Subscribe to a blog/website that provides updates on social engineering ( I personally like CyberHeist News from KnowBe4 https://www.knowbe4.com/cyberheist-news/ )