Make Your People the Strongest Link Against Data Breaches, Not the Weakest
Did you know that, according to reports, and as published by Deloitte, 91% of all cyberattacks begin with a spearphishing email? Or that 32% of all successful data breaches use phishing techniques?
Such attacks come under the term ‘social engineering’, which simply means an attack using human interaction.
How does social engineering work?
Social engineering uses psychology to make the victim believe an interaction (like an email or phone call) is genuine. The aim is to deceive the victim into sharing sensitive information.
Attacks occur in one or more steps. The attacker starts by investigating the victim, looking for information they can use to ‘prove authenticity’, and for weak security protocols through which to make the attack.
The perpetrator then gains the victim’s trust, and prompts actions that break the employer’s security policies and protocols. Typically, this may include revealing sensitive information, or even sharing passwords.
How can you prevent social engineering attacks from being successful?
It’s crucial that all your people are aware of social engineering attacks and what they look like. One way to do this is by implementing comprehensive security awareness training, ensuring that all employees recognize tactics used in social engineering attacks, which include:
- Phishing and spearphishing (usually emails or phone calls targeting specific groups or individuals)
- Piggybacking (where an unauthorized person follows someone into a restricted area)
- Pretexting (when a fabricated scenario is used to steal information)
- Quid pro quo (where a benefit is offered for information provided)
Other strategies that you should use to combat social engineering attacks include:
- Developing a comprehensive data security policy
- Encouraging employees to report all potential attacks
- Creating and implementing a solid data security strategy
- Using multi-user authentication
- Ensuring antivirus and anti-malware software is regularly updated
Are your company and its employees prepared for social engineering attacks?
Having the above measures in place, and regularly reviewing them, will help limit the number of social engineering attacks your employees receive. Should an employee receive an attack, the training should give them the knowledge and capability to thwart it.
How is your company performing against social engineering attacks? Contact Millennium Tech USA to discover how we can help you assess your state of preparedness.