Despite its reputation, hacking isn’t always about cracking code, installing malicious software or maneuvering past security configurations. Believe it or not, many hackers’ most relied-upon methods are better described as non-technical.
Social engineering, a non-technical approach that exploits human error to access confidential information, is a serious threat to organizations and individuals everywhere. For years, cyber criminals have launched social engineering attacks in the form of phishing emails to dupe recipients into sending personal data. But now, as social media platforms continue their rapid growth, hackers have taken the opportunity to cast a much wider phishing net.
Some common phishing tools on social media platforms now include fake login pages that intercept credentials and fabricated profiles that hackers use to connect with other user accounts. Once a user accepts a connection request from one of these accounts, a hacker can access privileged information, such as email addresses, phone numbers and other personal information.
Since social engineering attacks are capable of undermining otherwise sound security operations, they are of particular concern for an organization’s security. Email and social media are universal tools for business, so it’s natural to be nervous about the potential for these breach events.
Fortunately, there are a number of ways that you can fight back against social engineering attacks.
- Education: Chief among social engineering countermeasures is a robust security and privacy awareness program that explains these hacking methods across all potential channels, and helps employees understand what to watch for.
- Policy: Security systems may not block some social engineering attacks. But a thoroughly defined policy containing routine measures against social engineering remains a strong defense. For instance, help-desk employees can be required to ask callers for a unique corporate identifier, which will thwart attempts to gain confidential information by phone.
- Identity management: Limiting access to certain critical information makes it much easier for organizations to protect that information. Defining authorization rules that set access privileges is a key competency for achieving this.
Lunarline assists organizations in the areas of security policy management, as well as identity management, and the Lunarline School of Cyber Security now offers training programs specifically focused on social engineering risks.