Home » cyber security » Fight Back Against Social Engineering Attacks
social engineering

Fight Back Against Social Engineering Attacks

Despite its reputation, hacking isn’t always about cracking code, installing malicious software or maneuvering past security configurations. Believe it or not, many hackers’ most relied-upon methods are better described as non-technical.

Social engineering, a non-technical approach that exploits human error to access confidential information, is a serious threat to organizations and individuals everywhere. For years, cyber criminals have launched social engineering attacks in the form of phishing emails to dupe recipients in to sending personal data. But now, as social media platforms continue their rapid growth, hackers have taken the opportunity to cast a much wider phishing net.

Some common phishing tools on social media platforms now include fake login pages that intercept credentials and fabricated profiles that hackers use to connect with other user accounts. Once a user accepts a connection request from one of these accounts, a hacker can access privileged information, such as email addresses, phone numbers and other personal information.

Since social engineering attacks are capable of undermining otherwise sound security operations, they are of particular concern for an organization’s security. Email and social media are universal tools for business, so it’s natural to be nervous about the potential for these breach events.

Fortunately, there are a number of ways that you can fight back against social engineering attacks.

  • Education: Chief among social engineering countermeasures is a robust security and privacy awareness program that explains these hacking methods across all potential channels, and helps employees understand what to watch for.
  • Policy: Security systems may not block some social engineering attacks. But a thoroughly defined policy containing routine measures against social engineering remains a strong defense. For instance, help-desk employees can be required to ask callers for a unique corporate identifier, which will thwart attempts to gain confidential information by phone.
  • Identity management: Limiting access to certain critical information makes it much easier for organizations to protect that information. Authorization rules defining access privileges are a key competency for achieving this.

Lunarline assists organizations in the areas of security policy management, as well as identity management, and the Lunarline School of Cyber Security now offers training programs specifically focused on social engineering risks.

For more information about these programs as well as our other cyber security solutions, visit us at Lunarline.com or contact us today.



About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales" Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.