Social Engineering

Social Engineering Attacks Driving Security Awareness

Social engineering and cybercrime are on the rise around the world. Business owners need to pay attention to current trends in the world of information security (infosec).

In 2005, the United States Bureau of Justice Statistics reported that 60 percent of American companies had detected at least one instance of cybercrime. Tech giant IBM believes that businesses are much more likely to be targeted by cyber attacks than they were 10 years ago.

Despite the sophistication of today’s infosec strategies, the global cost of cybercrime is expected to rise to $6 trillion annually by 2020.

The Human Aspect of Infosec

Business executives who are concerned about the security and integrity of their information systems should start paying more attention to their greatest source of weaknesses and vulnerabilities: their own employees.

Some of the most brazen and successful cybercrime groups take pride in their social engineering prowess. In mid-September, the FBI arrested two suspects believed to have gained access to the email accounts of CIA Director John Brennan and National Intelligence Director James Clapper. These criminals are part of the cybercrime outfit known as “Crackas with Attitudes”. They tricked government intelligence employees into giving them username and password credentials by pretending to be Verizon technicians.

Through a series of telephone calls and electronic communications, malicious actors gain entry to networks and harvest key information about how a business operates. This is known as social engineering, and it is something that average employees may not be familiar with.

Preventing Social Engineering Through Security Awareness

One of the greatest weaknesses of infosec is that it often falls short in terms of outreach and employee engagement. IT security procedures are often presented and enforced in a stern and ominous manner. This does not appeal to employees because they don’t know much about infosec.

Practicing good infosec in the workplace comes down to awareness. Malicious hackers overwhelmingly target employees because they know that the average worker does not know much about infosec. Companies cannot expect entry-level clerks to be familiar with social engineering and read their CIO subscriptions during lunch breaks.

Employees do not realize that they can unwittingly become attack vectors because they lack situational awareness. In other words, they are not familiar with how cybercrime groups operate.

Security awareness programs in the workplace need to go beyond drilling employees on their knowledge of infosec policies. Staff members must know why it is important to protect the information of their company, their customers, and their colleagues. The best information security measures will not help a company if employees remain vulnerable. Starting with simple steps can get most employees moving in the right direction.