Business Continuity NewsBriefs - February 21, 2018
These NewsBriefs are produced and delivered weekly by Attainium to keep our friends and clients current on topics relating to Business Continuity, Disaster Recovery and Crisis Management.
Cyber Attacks from Social Engineering
February 21, 2018 - Phishing, vishing (uses phone calls), and smishing (uses text messages) plus impersonation are the top four social engineering techniques used in more than half of the hack attacks these days. In this issue, we're looking at what social engineering is, preventing attacks, your best defenses again these attacks, and how to educate your employees about social engineering.
QUOTE OF THE WEEK
"There is no technology today that cannot be defeated by social engineering."
-- Frank Abagnale --
1. What is social engineering? How criminals take advantage of human behavior
Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. That firewall won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend or LinkedIn connection. Or a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
https://www.csoonline.com/article/2124681/social-engineering/what-is-social-engineering.html
2. Social Engineering Attacks: Common Techniques & How to Prevent an Attack
Social engineering attacks are not only becoming more common against enterprises and SMBs, but they're also increasingly sophisticated. With hackers devising ever-more clever methods for fooling employees and individuals into handing over valuable company data, enterprises must use due diligence in an effort to stay two steps ahead of cyber criminals.
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
3. Hacking your head: how cybercriminals use social engineering
Social engineering is nothing new. It's a tool of psychological manipulation that's been used since the dawn of man. Why? To influence people into taking action that might not be in their best interest. Sometimes it's fairly harmless, like a child sweet-talking his mom in order to get extra candy. Many times, however, social engineering is used for nefarious purposes. Social engineering taps into the human psyche by exploiting powerful emotions such as fear, urgency, curiosity, sympathy, or the strongest feels of them all: the desire for free stuff. Which is why cybercriminals have caught on.
https://blog.malwarebytes.com/101/2016/01/hacking-your-head-how-cybercriminals-use-social-engineering/
4. Why Social Engineering Should Be Your Biggest Security Concern
Most people think that social engineering involves engineering the target, and convincing them to give up useful information. That's one way to do it, but it's not the only way. In fact, the most successful methods involve never letting your target know until it's too late. Don't get us wrong, hackers and data thieves are still interested in your passwords, it's just that in order to get at your data, there are far more effective ways to do it than trying to brute force your Google account.
https://lifehacker.com/why-social-engineering-should-be-your-biggest-security-1630321227
5. Nine Best Defenses against Social Engineering Attacks
Social-Engineer.org, a non-profit organization of security experts seeking to raise awareness of the data theft threat posed by social engineering techniques, showcased just how vulnerable businesses are through a contest it organized at the DEF CON 18 Hacking Conference. The web site released a report on the data generated by the contest last month, and spoke to eSecurityPlanet.com about some of the things you can do to secure your company against hackers employing social engineering techniques.
https://www.esecurityplanet.com/views/article.php/3908881/9-Best-Defenses-Against-Social-Engineering-Attacks.htm
6. Social Engineering Basics: How to Educate Your Staff
Nearly every person in your organization likes to think of him or herself as solid, dependable, and professional. So imagine how they would feel if they realized they'd been totally taken in by a scam artist. Now imagine that on top of being taken in, they'd allowed the scam artist to steal from or damage your organization.
https://www.tracesecurity.com/blog/social-engineering-for-dummies-how-to-educate-your-staff
Copyright (C) 2018 Attainium Corp - All rights reserved.