According to Security Magazine, hackers attack every 39 seconds, and 1 in 3 Americans were attacked this past year alone. Additionally, 62% of companies have experienced phishing social engineering attacks, making it one of the top three cyberthreat concerns for 2016.
What is social engineering?
Social engineering is a method that depends on human interaction and often involves deceiving people into breaking normal security procedures. It refers to psychological manipulation that is typically very effective in gaining access to otherwise restricted information. Social engineering exploits rely on people’s willingness to be helpful or simply their lack of knowledge.
A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme.
The data suggests that social engineering is one of the greatest security threats facing organizations, especially because these attacks can be entirely non-technical and don’t necessarily involve the compromise or exploitation of software or systems.
What is an example of social engineering?
One example is an email that explains there is a problem and requires you to ‘verify’ information by clicking on the provided link and entering the requested details. The link may appear legitimate, complete with logos and content, giving you the impression that you can trust this source. The criminals may have copied a genuine company email exactly, so there is little visible difference between a valid Apple email, for example, and a fraudulent one.
These types of phishing scams may also include a warning of what will happen if you fail to act soon because “criminals know that if they can get you to act before you think, you’re more likely to fall for their phish.”
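As an added example (not from the original post), the following Python script triages an HTML email of the kind described above: it flags a link whose visible text names one domain while its real destination is another, and flags urgency wording. The message body and domains are constructed for illustration.

```python
# Added example: simple triage of a "verify your account" style email.
# Flags (1) anchor text that shows a trusted domain while the href goes
# elsewhere and (2) urgency phrases. Sample message is constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

URGENCY = re.compile(
    r"\b(within 24 hours|immediately|act now|suspended|will be (closed|locked))\b", re.I)

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    # Crude: keep the last two labels ("apple.com"); a real tool would use
    # the public suffix list to handle domains like example.co.uk.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def triage(html_body):
    """Return a list of warning strings; an empty list means no cue fired."""
    parser = LinkExtractor()
    parser.feed(html_body)
    warnings = []
    for href, text in parser.links:
        target = registered_domain(urlparse(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        if shown and registered_domain(shown.group(0)) != target:
            warnings.append(f"link text says {shown.group(0)} but goes to {target}")
    if URGENCY.search(re.sub(r"<[^>]+>", " ", html_body)):
        warnings.append("urgency wording present")
    return warnings

# Constructed sample: branded text, urgency, and a look-alike destination.
SAMPLE = ('<p>Your Apple ID was used to sign in from a new device. Verify '
          'within 24 hours or your account will be locked.</p>'
          '<a href="http://appleid-verify.example.net/login">https://appleid.apple.com</a>')
```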
What are the different types of social engineering?
- Spear phishing
- Shoulder surfing
Why are social engineering attacks dangerous?
Everyone is a target. Even a security professional can fall for a social engineering attack, especially as criminals’ strategies become more effective and realistic. As the data points listed above show, these attacks are gaining in prominence and sophistication.
Attackers prey on human nature in these scenarios, that is, the desire to help and the innate inclination to trust, making it much harder for a victim to determine that they are being tricked. Because the tactics used do not always require a computer and can mimic the official feel of a trusted source, the victim faces an extra layer of difficulty.
How can I protect myself and my organization against social engineering?
“Cultural concepts can help different segments of the organization work effectively or work against effectiveness towards information security within an organization. Research shows information security culture needs to be improved continuously. In ‘Information Security Culture from Analysis to Change,’ authors commented, ‘It’s a never ending process, a cycle of evaluation and change or maintenance.’ To manage the information security culture, five steps should be taken: pre-evaluation, strategic planning, operative planning, implementation, and post-evaluation.”
It is every individual’s responsibility to be aware of what information they willingly share online and never to provide more than what is necessary. Although this measure sounds simple, security awareness is a critical aspect of strengthening security policy.
Not only is it critical for organizations to train people on the tactics that may be used against them so they know what to watch for, but it is also a necessity for those individuals to abide by the rule of ‘verify first, trust later.’
For those looking to gain a fundamental understanding of functioning securely in a digital environment, the IC3 Digital Literacy certification is ideal, as it has become the preferred solution for measuring and validating digital skills of students and employees all around the world.
Obtaining the IC3 Digital Literacy certification signifies that you possess the fundamental knowledge to effectively use some of the world’s most current and prominent technologies. The exam is divided into three parts: computing fundamentals, living online, and key applications.
Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.