Our lives are becoming more and more digitised, with hybrid or remote working becoming the new norm for organisations. As we continue to use numerous devices for work and our personal lives, the likelihood of experiencing some form of cyber-attack also increases. 2022 looks set to be another year fuelled by technology and an increased chance of attack. Organisations must educate their staff to the best of their ability to mitigate risk and protect their environment.
Security practices are one of the best investments you can make in the modern world. According to PurpleSec, cybercrime was up 600% in 2021. One of the largest categories of security threat was social engineering.
Social engineering in cyber security is the psychological manipulation of people into performing actions or disclosing confidential information.
A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources. (Imperva 2021)
Stairwell’s Mike Wiacek said “Social engineering is one of the most difficult security issues to address because no compliance, governance or risk-management action can address the fact that people are imperfect and susceptible to being duped.”
Baiting – Attackers lure victims in with an enticing offer, sometimes using physical devices such as USB drives left in public for someone to insert into their computer out of curiosity. The victims then unknowingly install malware and thus breach the integrity of their system. Baiting can also take the form of online ads that send the user to a malicious site encouraging the download of suspicious material.
Scareware – Users are bombarded with fake threats and alarms suggesting that their system is infected and that they must download a program to fix the problem. The program is in fact malware that would penetrate the system.
Phishing – As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity, or fear in victims. The campaigns then coerce victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
- Don’t open emails with attachments from suspicious addresses
- Utilise Multi-Factor Authentication techniques
- Keep your security software and procedures up to date
The best and most effective way of combatting such issues is to train your staff and inform them of the ways that hackers can try to trick them. If you would like to learn more about security and how Jasco can future-proof your organisation, reach out below.