The Top 5 Social Engineering Strategies That Threaten Your Business
Cybersecurity is complex in that, regardless of how much you invest in it, there will always be one primary vulnerability – people. While your systems may not be so easy to crack, cybercriminals enjoy manipulating people’s fallible judgement using social engineering strategies designed to gain access to your company’s confidential information.
In a recent study, the Federation of Small Businesses found that 66% of its members had been victims of a cyber attack in the last two years. Of these attacks, only a very small percentage were down to sophisticated and malicious code. In fact, in 86% of cases, the attacks were social engineering scams.
These are 5 of the most common social engineering strategies:
1) Phishing – You’ve probably already heard of this one. Phishing is when emails that appear to come from a trusted source, such as your bank, HMRC or your own IT department, ask for sensitive information ranging from passwords to bank details. These emails normally include links to pages that look like the real website and exist to collect the information. An example of this would be a mass email sent out to your staff asking them to reset their passwords and to enter their current passwords in order to do so.
2) Spear Phishing – This is a more direct form of phishing. Spear Phishing is a specialised attack on one person in the company. For instance, this could be someone in accounting with access to sensitive information.
3) Physical Baiting – This is when a criminal plants a piece of hardware, such as a USB stick or CD, that has been infected with malware in the hope that someone will load it onto a computer.
4) Pretexting – This is when an attacker poses as someone within your company or someone that you would regularly do business with. This could be a senior member of staff, a supplier or manager who creates a false urgent scenario that would compel someone to share their details.
5) CEO Fraud – This is where a criminal impersonates the CEO or another senior member of the company in order to pressure someone who is able to initiate payments to transfer money into a specific bank account.
Protecting against social engineering strategies is simple as long as you implement the following measures:
• Establish a process for requesting and authorising payments that requires two points of contact.
• Organise a procedure for what employees should do if they receive an unusual or suspicious email.
• Provide your entire staff—from the directors and officers all the way down to the interns—with comprehensive cybersecurity training to ensure that they know how to identify and manage cybersecurity threats.
Risk management alone is no match for today’s sophisticated cybercriminals. To ensure your company stays protected, pair your cybersecurity efforts with a comprehensive cyber insurance policy. Contact Cyberguru and request your quote today!