What is Social Engineering?
Social engineering is the practice of duping or tricking people into breaking standard security practices. This non-technical strategy is heavily used by cyber criminals in both targeted and widespread attacks.
Types of Social Engineering attacks
- Baiting – Attackers conduct baiting attacks when they leave a malware-infected device, such as a USB flash drive, in a place where someone will find it. This relies on our innate sense of curiosity; someone will likely plug the device into their own computer and, in turn, install the malware.
- Phishing – Phishing occurs when an attacker sends a victim fraudulent communications that are disguised as legitimate. The recipient is then tricked into installing malware on their device or sharing personal, financial or business information.
- Pretexting – Pretexting occurs when an attacker fabricates false circumstances to compel a victim into providing access to sensitive data or protected systems.
- Quid pro quo – A quid pro quo attack occurs when attackers request private information from someone in exchange for something or some type of compensation.
- Spear Phishing – Spear phishing is a highly targeted type of phishing attack which focuses on a specific individual or organisation. Spear phishing attacks use personal information that is specific to the recipient in order to gain trust and appear more legitimate. Often this information is taken from victims’ social media accounts or other online activity.
- Tailgating – Tailgating is a physical social engineering technique that occurs when unauthorised individuals follow authorised individuals into an otherwise secure location. The goal of tailgating is to obtain valuable property or confidential information.
How to protect yourself from Social Engineering
- Educate yourself
Ignorance is your biggest weakness and is extremely easy to exploit, making the uneducated the main target for attackers. Knowing what to look for and best practice techniques is your first and best layer of defence.
- Be aware of the information you are releasing
This covers both what you say and what you post on social media. Sites like Facebook and Twitter are abundant sources of information and resources, from pictures to interests that can be played upon. A simple Google Maps search of your home or work address gives a bird’s eye view of the building and its surroundings.
- Determine which of your assets are most valuable to criminals
Make sure you are protecting the right thing! When deciding which assets are most valuable to an attacker be sure not to focus solely on what you or the business find to be most valuable. Cyber attackers are interested in anything they can monetise.
- Enforce and follow policies
After identifying which assets are most tempting to attackers, and the pretexts they are likely to use to target them, write a security policy – and follow it! In a business context, all employees need to play their part. Everyone is a potential doorway into the business and its assets. It only takes one door to be ajar for an attacker to gain access.
- Keep your software up-to-date
Attackers using social engineering techniques are often seeking to determine whether you are running unpatched, out-of-date software. Staying on top of patches and keeping your software updated can mitigate much of this risk.
Don’t be the weak link… Be Smart, Be Vigilant, Be Cyber Secure!
Today’s threat landscape poses a real risk to your sensitive data, profitability, and reputation. Cyber Security must be a continuous practice which requires a clear understanding of how users, customers and applications access data and how devices are configured.
Infradata has specialized in assessing, building, and managing enterprise information security for over 15 years. Our extensive engineering experience gives us an opportunity to develop security strategies and solutions that respond to your evolving business challenges.
Our expert security team helps you limit risk from modern day threats.