REDUCING THE SOCIAL ENGINEERING THREAT
Today, your employees are routinely exposed to sophisticated email-based attacks. The initial entry point is often an employee who has had little or no security awareness training and is tricked into opening an attachment or clicking a hyperlink, in an email or on a website, that gives the attacker a foothold on the employer's systems. Manipulating people this way is called social engineering; phishing is its most common email form.
Cybercriminals are becoming more effective at using social engineering to infiltrate and disrupt organizations. The goal is to trick individuals into divulging sensitive information (such as credentials or payment details) or into downloading malicious software, including ransomware, that then spreads through the network. These attacks have become increasingly common and are having serious impacts on businesses of all sizes.
Just How Bad is the Problem?
Social engineering attacks have proven highly successful at stealing funds, compromising data (your own and your customers'), and causing other harm to businesses and individuals. Most organizations have experienced some form of social engineering attack in the past few years and will likely experience more. The following statistics show why the threat is a growing concern:
- The Ponemon Institute found that a single data breach costs a business $3.62 million on average.1
- McAfee estimates that 33,000 phishing attacks happen daily.2
- The FBI reported a 2,370% increase in identified exposed losses from business email compromise, an email-based social engineering scam, between January 2015 and December 2016.3
The threat is getting worse because security awareness training and technical defenses are not keeping pace with attackers, who continuously adapt their lures to get past the controls in place. To strengthen your organization's defense against social engineering, consider the following best practices.
6 Best Practices to Reduce Social Engineering Risk
1) Understand the Risks You Face
It's critical to identify and analyze all possible cybersecurity risks that could impact your organization. That way you can develop customized ways to treat your unique cyber risks. A few of your top resources to assess your cyber exposures include your insurance broker, your attorney, and your trade association. Many government agencies, such as the Small Business Administration (SBA) and Federal Communications Commission (FCC), now provide resources to assist as well.
2) Create and Enforce Company Policies and Procedures
Every organization should implement, and periodically update, a cybersecurity policy covering the email, web, collaboration, social media, and other tools that its IT department has deployed or that employees are allowed to use. A policy that is not enforced, and that employees have not read, offers little protection.
3) Keep Network Systems Up-to-Date
All operating systems, software, applications, and network devices used by your organization should be patched promptly to reduce the number of exploitable vulnerabilities. Many breaches succeed through vulnerabilities for which a fix was already available but had not been applied; the malicious attachment or link in a phishing email frequently relies on exactly such an unpatched flaw.
4) Regularly Back Up Your Data
By regularly backing up files, organizations can restore data to a known good state, which avoids or at least minimizes the loss from a successful phishing attack that delivers ransomware or otherwise destroys data. Because ransomware commonly seeks out and encrypts any backups it can reach, keep at least one copy offline or otherwise inaccessible from the network, and test restores periodically so you know the backups actually work when needed.
5) Deploy Software-Based Protection
Firewalls, endpoint protection, and anti-spam/anti-phishing email filtering are vital for protecting your organization's network, and multi-factor authentication limits the damage when a user does hand over a password. Technical controls and trained users complement each other: filtering reduces how many lures reach employees, and a vigilant end user trained to spot social engineering tactics catches the ones that get through. Neither layer alone is sufficient, so design the defenses on the assumption that some employee will eventually click.
6) Provide Thorough Employee Training
Employees are the front line of a business's information security defenses. Proper education and training could help businesses avoid many social engineering attacks. To be effective, training should be ongoing rather than a one-time event, combined with simulated phishing campaigns on at least a monthly basis, and reinforced with a simple, blame-free way for employees to report suspicious messages.
How Vulnerable is Your Organization?
BKS has partnered with KnowBe4, a widely used integrated security awareness training and simulated phishing platform, to help organizations manage the ongoing problem of social engineering.
We offer a complimentary social engineering vulnerability assessment to help determine your susceptibility to these attacks. To request an assessment, contact BKS and an advisor will be in touch to schedule it.
1. "2017 Cost of a Data Breach Study." Ponemon Institute, June 2017. securityintelligence.com. Accessed 09 April 2018.
2. "Economic Impact of Cybercrime - No Slowing Down." McAfee, February 2018. mcafee.com. Accessed 09 April 2018.
3. "Business E-mail Compromise, E-mail Account Compromise: The 5 Billion Dollar Scam." Federal Bureau of Investigation, Internet Crime Complaint Center, 04 May 2017. ic3.gov. Accessed 09 April 2018.