What is the best countermeasure to avoid social engineering?

Most businesses are aware of cyber-attacks and have invested heavily in security measures to reduce security threats. Even with all of that in place, the digital world still contains a human element. Attackers take advantage of human weaknesses within businesses to bypass the security layers. Hacking a human is known as a social engineering attack.

Social engineering attacks have a long history that predates the rise of computers and the internet. However, there is no need to go back that far to find examples of major social engineering attacks.

In February 2020, an anonymous party successfully tricked Barbara Corcoran of ABC’s “Shark Tank” out of around $400,000 through a phishing attack that used a fake renovation invoice.

Social engineering threats take a wide range of forms, such as watering hole websites, phishing scams, real-world baiting, whaling attacks, pretexting, and quid pro quo attacks.


While social engineering security threats will never vanish, they can largely be managed by taking proactive steps to prevent social engineering attacks.

Top 10 Ways to Prevent Social Engineering Attacks

1. Multi-Factor Authentication

Don’t rely on a single factor; this most basic preventive measure safeguards your account security. A password does provide some security, but we have learned that passwords are inadequate on their own, because it is far easier for someone else to guess your password and gain access to your accounts.

Passwords can also be obtained through social engineering. Multi-factor verification is therefore required; the additional factor could be anything from biometric access or security questions to an OTP code.

2. Continuously Monitor Critical Systems

Make sure the systems that house sensitive information are monitored 24x7. Some exploitation tactics, such as Trojans, depend on the target system being vulnerable. Scanning both external and internal systems with web application scanning can help find vulnerabilities in your systems.

You should also perform a social engineering engagement at least once a year to assess whether your employees would fall victim to social engineering. Any fake domains that are tracked down can then be taken down promptly to avoid online copyright infringement.

3. Utilize a Next-Gen Cloud-Based WAF

You’re probably already employing a firewall within your business, but a next-generation cloud-based web application firewall is specifically designed to provide maximum protection against social engineering attacks. Such a WAF is very different from the traditional WAF that most companies deploy.

To be specific, AppTrana can continuously monitor a web application or website for anomalous activity and misbehavior. Although social engineering threats depend on human mistakes, it will block attacks and alert you to any attempted malware installations. Implementing a risk-based WAF is one of the best ways to prevent social engineering attacks and any potential infiltration.

4. Verify Email Sender’s Identity

Most scams involve falsely obtaining a victim’s information by posing as a trusted entity. In a phishing attack in particular, attackers send email messages that appear to come from a sender you trust, such as a credit card company, a bank, a social networking site, or an online store. The emails often tell a story to get you to click a false link that looks legitimate.

To avoid this kind of social engineering threat, contact the claimed sender of the email message and confirm whether they actually sent it. Remember, legitimate banks will not ask for your credentials or confidential information through email.

5. Identify Your Critical Assets That Attract Criminals

“When a lot of companies focus on protecting their assets, they’re very focused on that from the perspective of their business” – Jim O’Gorman, a member of Social-Engineer.org

That is not necessarily the way a hacker will target your company. Attackers always target the assets that are valuable to them.

You should evaluate from the attacker’s perspective and identify what to protect, considering assets beyond your product, service, or intellectual property.

“Independent Assessment is the best tool to determine which of your assets criminals are most likely to target,” according to O’Gorman.

6. Check for an SSL Certificate

Encrypting data, emails, and communications ensures that even if hackers intercept your communications, they cannot access the information contained within. This can be achieved by obtaining SSL certificates from trusted authorities.

Furthermore, always verify any site that asks for your sensitive information. To verify a website’s authenticity, check its URL. URLs that start with https:// can be considered trusted and encrypted; websites served over http:// are not offering a secure connection.
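As an added example (not from the original article), the following Python helper applies the URL checks described above to a link before you trust it: it requires https, compares the registered domain against an allowlist, and flags a trusted brand name that appears elsewhere in the hostname, which is how look-alike phishing links are usually built. The domain names and sample URLs are constructed assumptions.

```python
"""Added example, not from the original article: a defender-side URL
inspection helper for the "check the URL before entering sensitive data"
advice.  All domain names below are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed allowlist of domains the reader actually does business with.
TRUSTED_DOMAINS = ("examplebank.com", "example-store.com")


def registered_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g.
    'login.examplebank.com' -> 'examplebank.com'.
    Simplified: production code should consult the public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_url(url: str) -> list[str]:
    """Return a list of warnings for a URL.  An empty list means the link
    passed the checks from the article: https and a domain you recognise."""
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit already lowercases this
    if parts.scheme != "https":
        warnings.append("not https: connection is not encrypted")
    if not host:
        warnings.append("no hostname in URL")
        return warnings
    reg = registered_domain(host)
    if reg not in TRUSTED_DOMAINS:
        # A trusted brand name showing up as a subdomain or inside another
        # registered domain is the classic look-alike pattern.
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in host:
                warnings.append(f"look-alike: '{brand}' appears in {host} "
                                f"but the registered domain is {reg}")
                break
        else:
            warnings.append(f"unrecognised domain: {reg}")
    if parts.username or parts.password:
        # 'https://examplebank.com@evil.example/' puts a brand before '@';
        # the real host is whatever follows the '@'.
        warnings.append("userinfo before '@' can disguise the real host")
    return warnings
```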

7. Penetration Testing

The most effective of the ways to prevent social engineering attacks is conducting a pen test to detect and attempt to exploit vulnerabilities in your organization. If your pen tester succeeds in compromising a critical system, you can identify which systems or employees you need to concentrate on protecting, as well as the types of social engineering attacks you may be prone to.

Learn more about how application pen testing can mitigate fraud.

8. Check and Update Your Security Patches

Cybercriminals generally look for weaknesses in your applications, software, or systems to gain unauthorized access to your data. As a preventive measure, always keep your security patches up to date and keep your web browsers and systems on the latest versions.

Companies release security patches in response to the security loopholes they uncover. Keeping your systems on the latest release will not only reduce the likelihood of cyber-attacks but also help ensure a cyber-resilient environment.

9. Enable Spam Filters

Enable spam filters and close the door on the offenders behind social engineering security threats. Spam filters provide a vital service in protecting your inboxes from social engineering attacks.

Most email service providers offer spam filters that hold back emails deemed suspicious. With spam filtering, you can categorize emails effortlessly and be freed from the tedious task of identifying suspicious emails yourself.

Oversharing personal details online through social media gives criminals more information to work with. For instance, if you keep your resume online, consider redacting your date of birth, phone number, and residential address. All of that information is useful to attackers planning a social engineering attack.

We recommend keeping your social media settings at “friends only” and thinking twice before you share anything on social media.

Conclusion

The dangers of social engineering are increasing day by day, and it has become one of the major cyber threats for businesses of all sizes. You should equip your business with proper defense measures to prevent social engineering attacks.

Make sure that your company has methods to rapidly detect security incidents, monitor what is going on, and alert your security team so they can take immediate action.


In a typical social engineering engagement, a threat actor uses social skills and takes advantage of human error to obtain or compromise an organization’s assets. 

In our previous blog, we offered a framework for running your own social engineering exercises. To help your organization stay prepared, we’ve outlined how countermeasures can round out your organization’s social engineering policy and protect against social engineering schemes.

Countermeasures against social engineering attacks focus on eliminating human error. Types of countermeasures can be divided into three categories:

  1. Policy and procedures
  2. Employee awareness
  3. Technical measures

Policy and Procedures

Having the right policies, protocols, and procedures in place ensures that employees are prepared for potentially vulnerable situations. It’s human nature to feel bad about saying “no”. But if there are clear procedures to follow when a situation starts to deviate from the established norms, your employees will be more confident in saying “no” and sticking to company procedures during what could be a threatening situation.

Consider this list of policies as a starting point for addressing the threat of social engineering against your company: 

  • Internet usage: Covers acceptable usage of the Internet. For example, only work-related usage may be permitted. This may prevent employees from falling victim to phishing emails that are unrelated to work.
  • Software policy: Describes what software is acceptable and who has the rights to install and/or update software. Consider giving only a few people the right to install software on computers. This may prevent a vishing attack by a social engineer who asks a victim to install specific software on their computer.
  • Hardware policy: Describes the hardware that should be used and the acceptable usage. For example, USB sticks may be forbidden. This may prevent employees from inserting malicious USB sticks they found in the company parking lot into their work computer.
  • Separation of duties: Lays out everyone's responsibilities and access levels. If an employee falls victim to a social engineering attack, this clearly limits the security compromise to what that employee can access and do on the company systems.
  • Password policy: Gives clear instructions on creating new passwords (length, characters, other characteristics), handling passwords (e.g., not sharing them with other people or reusing them), resetting passwords, etc. For example, if the policy is never to reveal your password to anyone, this may prevent some employees from revealing their password during a vishing attack in which a social engineer impersonates IT personnel.
  • Physical access policy: Describes the physical access policies, such as having an identification badge on you at all times, not allowing people to tailgate you through secure doors, verifying the identity of all guests, and making sure they are chaperoned.

Employee Awareness

With threat actors constantly developing their tactics, your team needs to be trained to recognize attacks or, at the very least, situations that deviate from standard operations.

Over time, learned skills fade, while the techniques and tactics of our adversaries continue to evolve. Regular and timely training for every member of your team could not be more important.

A holistic training plan should include general security awareness training, regular simulated phishing tests, and full-on social engineering engagements. Employee awareness of information and asset sensitivity and classification is also important. If dealing with highly critical information, your team should be aware that they need to be more skeptical when handling it than when handling assets of lower importance.

Technical Measures

Technical countermeasures are designed to prevent the situation from escalating. The goal is to stop threat actors before they have any opportunity to take advantage of human nature in the first place. There are multiple options here, including waste management that safely discards any sensitive information, safe physical access systems (doors, gates, etc.), sophisticated entry cards, person verification, accompanying any guests, etc.

Review

Any countermeasure that you’ve implemented should be assessed for its effectiveness. Are the policies in place still relevant? Has their scope changed with the natural changes in business objectives?

Such reviews can be conducted internally or in cooperation with an outside partner. They can also be conducted passively or actively. Passive review means just assessing the attack surface on a theoretical level. An active review includes actively trying to compromise the confidentiality, integrity, and/or availability of information.

The most important piece of any organization’s security plan is its team. As you consider how you’ll keep your organization protected from cybersecurity threats, try communicating with your team in a way that promotes their buy-in to the company’s overall security culture. 

The RangeForce platform hosts 700+ cybersecurity training modules to help keep your team prepared. Customers around the world are using our platform to cross-train throughout their companies to build security literacy across functions. Request a demo now.