Social Engineering: The Insider Threat to Cybersecurity
Social engineering, banal as it sounds, is an insidious way of getting “insider access” into an organization’s network and data. Once inside, social engineering enjoys both undetectability and sweeping access, which makes it a potent threat to an organization’s cybersecurity. Let’s examine the various flavors of social engineering and best practices to secure against it.
What are Social Engineering Attacks?
Social engineering attacks involve manipulating employees into performing actions or divulging confidential information that will be maliciously used to break into the organization’s network. Some common examples of social engineering attacks include:
- Phishing: This refers to the fraudulent attempt to obtain personal, financial, or workplace credentials by masking as a trustworthy entity in an email or instant message.
- Spear phishing: This is a more fine-tuned version of phishing where hackers zone in on specific individuals, such as admins. If the target happens to be a high-ranking individual, such as a C-level executive, this attack is often referred to as “whaling.” Using highly personalized emails or social media messages, their IDs and passwords are obtained, which typically have high-level access to sensitive information.
- Vishing: Similar to phishing, except that the mode of attack is via a fake replica of an IVR (Interactive Voice Response) system of a valid company.
- Quid pro quo: Here the attacker often pretends to be part of the customer support team of a service/product used by the victim. Using that pretext, valuable information is extracted.
- Pretexting: Similar to quid pro quo, except that the attacker impersonates a person known to the victim, such as a colleague or authoritative figure within the organization
- Baiting: A ploy where a malware-infected device, such as a CD or flash drive, is strategically planted in a workplace so that it is likely to be discovered and used by the victim.
- Tailgating: Also known as “piggybacking,” this method involves the attacker gaining unauthorized physical access to a secured area within an organization by following a person who gains access via proper validation.
Social Engineering Prevention
Owing to the personalization and intelligence applied, social engineering is difficult to thwart via a blanket security solution. Here are some measures that can help:
- Basic safeguards like spam traps that identify spammers to proactively block emails from them, “sandboxing” email to check the credibility of each clicked link and monitoring the network for unusual spurts of traffic.
- Multi-factor Authentication (MFA) is one of the most effective ways to block such attacks, as it does not rest app authentication only on the password, but combines it with a token and/or other forms of identification. Because social engineering schemes primarily target the user’s credentials, MFA stymies them.
- Employee training can also prove to be a powerful way to prevent social engineering attacks. Conduct regular cybersecurity awareness training and phishing simulation exercises. Send email alerts and newsletters to ensure that employees are aware of the latest social engineering schemes and malware types.
Prepare for the Worst
Spanning’s survey on U.S. Worker Cyber Risk-Aversion and Threat Preparedness found that 64 percent of employees polled failed to identify suspicious links as being the key indicator of a phishing email. In fact, 55 percent admitted to clicking on links they didn’t recognize and 49 percent downloaded a web extension to their work device. When you add to that the perseverance of hackers and the ingenuity of social engineering, an organization’s best defense is to be prepared for the worst.
Explore ways to blunt the impact of a social engineering attack and consequently limit the damage. One methodology that can prove helpful is business continuity and disaster recovery planning. A Disaster Recovery Plan includes preventive measures that mitigate risks such as backing up data on the cloud, detective measures that help discover potential threats and corrective measures that quickly restore data if a breach were to occur. Business Continuity Planning refers to a more comprehensive process that includes disaster recovery planning, assessing all business workflows and setting acceptable Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for various functions.
As you prepare a robust plan to defend your organization against such attacks, know that a secure backup and restore solution is a proven way to quicken recovery and guarantee seamless business continuity. Our customers have reiterated how Spanning’s accurate backup and easy restore has taken the stress out of such breaches and made data loss a non-event — the best possible way to combat threats of Social Engineering.
Don’t Risk Data Loss due to Social Engineering Attacks.