Triskele Labs Blog

How to guard your company against social engineering attacks

Written by Nick Morgan | Jul 1, 2020 9:47:00 AM

Recently, I’ve seen a spike in offers coming through to my personal email. Pizza Hut, Woolies, and even EB Games - everyone seems to have something for me! While I was sorting through all of this the other day, I came across a message from a bank I maintain an account in.

On the surface, everything seemed fine. They were conducting routine maintenance and the email said they would be updating their systems that week. Where things got a little suspicious was when they asked if I could send across the username and password to my online banking account for “maintenance”. 

To demonstrate that they were legit, they used a couple of personal details about me, which could have easily been found through a thorough Google search. 

This is not the first time I’ve received emails like this and it certainly won’t be the last. While I’m not surprised phishing is on the rise, it’s always a surreal moment to see emails like this come through because, truth be told, if I were not a part of the security sector, would they be so easy to spot?

According to data from 2018, approximately 62% of businesses experienced phishing and social engineering attacks that year. While the cybersecurity defences available to us are becoming more sophisticated, the same is true on the other side - cybercriminals are more ruthless and have access to more powerful tools and data.

Social engineering attacks are largely successful because of their human element - social engineers leverage their knowledge of specific people and use psychological manipulation to make sure their target does what they want. 

Successful attacks frequently feature the following elements: the request comes from some kind of authority (in this case my bank), the request is reasonable or in line with what you usually do (or should do at least), and complying with the request doesn’t seem all that risky.

Now that you have a basic understanding of what social engineering is, let’s take a look at how you can guard your company against these types of attacks.

TRAIN YOUR EMPLOYEES TO DETECT SOCIAL ENGINEERING ATTACKS

They say knowledge is power and when it comes to social engineering, this is absolutely true. After all, without knowing what you need to be cautious about, you won’t really be able to see a social engineering attack coming - even from a mile away.

Simply explaining what a social engineering attack is won’t do. You need to demonstrate the many guises it can take and what kind of requests come through. 

Another element you need to cover is the importance of verification or authentication. Train employees to check first, then respond, when unusual requests come in. The worst that could happen is they spend a little time confirming that requests for information are legitimate and warranted.

MAKE SURE COMPANY INFORMATION ISN’T EASILY ACCESSIBLE

Tailgating and piggybacking are techniques social engineers use to get inside your office and steal information from low-hanging fruit - like an office bulletin board, for instance.

Using information that is visible around the office, like meeting times, employee names, and other confidential data, cybercriminals have no problem crafting the perfect email - one that gets you to divulge protected information.

How do they get their hands on this information in the first place? Great question. These people usually enter the office under false pretexts, including offering to help you with something you may be carrying.

KEEP YOUR SECURITY SOFTWARE UP-TO-DATE

Another easy way to defend yourself against social engineering attacks is by making sure your anti-virus software, email filters, firewalls and other security software are up to date.

Social engineering attacks like phishing frequently try to get you to visit a malicious website or download malware, which can be prevented if your security tools are doing what they’re supposed to.

Speak to a security expert if you’re not sure which applications will work best for you. In this process, it’s important that you choose the right types and the right versions of cybersecurity software.

GUARD YOUR COMPANY AGAINST SOCIAL ENGINEERING ATTACKS WITH THE SUPPORT OF A SECURITY TEAM

Social engineering attacks are on the rise. Unlike at any point in the past, they represent a major threat and, if successful, can lead to very damaging consequences for your business - both financially and in terms of your reputation.

I’ve realised that most people are aware of these risks but don’t know how they can defend themselves against them. Fortunately, you can avail yourself of cutting-edge social engineering security support by speaking to our team of experts at Triskele Labs.