Social Engineering and how to avoid getting ‘caught’
To understand what caused the data breach, the company decided to bring in an expert from Hoffmeister Securities to explain the social engineering techniques practiced by hackers. Social engineering attacks are psychological tactics that hackers use to fool users who handle sensitive and confidential data. The usual delivery methods are emails, website pop-up ads, or other types of communication that carry some kind of urgency or emotional content. For example, in the case of the organization’s data breach, the malware probably arrived in the form of an email with an authentic-looking sender and format, including the company’s logo. Even though the company has all the security screening software in place, some of those emails can still pass those filters. Once the end user receives such an email, it is up to them to examine whether it comes from a legitimate source. Just because the email’s structure is very similar to regular company communication emails, that doesn’t mean that an employee should open it. As Nate Lord said, “The rule is, Think Before You Click” (Nate Lord, Social Engineering attacks, 2018).
Today, social engineering attacks such as phishing and ransomware are more likely to happen around social events, when the environment is conducive to greater success. A few examples of a good environment for a social engineering attack are tax season, a company’s anniversary, new product announcements, etc. Even a well-trained employee will fall for a highly sophisticated email, especially when the communication appears to come from the management departments. The best way to succeed against these types of attacks is to train employees to always be vigilant about the security aspect of their job. They have to keep in mind that security is the top priority, and the organization should keep them up to date through training and testing with in-house anti-phishing tools. The organization should also have a precise scheme for internal communications. The normal approach is to individualize actions to minimize exposure to the risk of a social engineering attack.
Read more about social engineering:
What is social engineering? Tips to help avoid becoming a victim