Cynet Social Engineering Paper.
Easier to manipulate people than hacking.
Safeguarding data is everyones responsibility.
Introduction:
Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization’s digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise.
Details:
Cybercriminals find it easier to manipulate people before resorting to technical “hacking” tactics. Recent research reveals that social engineering is leveraged in 98% of attacks. As the rapid, ongoing acceleration of remote work raises the stakes, security leaders are fighting back with education and awareness.
Currently:
Resources developed by experts identify the most common tactics, track how these types of attacks are evolving, and provide tips to protect organizations and their end-users. These insights not only inform security practitioners of the latest tactics and emerging threats, but help employees understand that safeguarding data is not just a security team problem. Instead, every teammate is vulnerable to social engineering schemes, and every teammate must play their part to safeguard sensitive data. Additional Security Info:
To help security teams recognize inbound swindles, ‘Social Engineering: What You Need to Know to Stay Resilient’ unpacks the history and evolution of social engineering attacks, provides tips for resiliency, and dissects the five stages of a modern social engineering attack. These 5 stages are the following:
Targeting: Threat actors start by identifying a target. Usually, they target companies. And the most efficient way to breach a company? Through its employees. Targeting can take place in multiple ways, from physically scouting workplaces for any sensitive information to using leaked data found online.
Information gathering: Once the target has been selected, the next step is reconnaissance. Threat actors scour open-source intelligence. Valuable information can be found in employees’ social media accounts, forums that they’re registered to, and more. The information they find is used in the next step of the chain.
Pretexting: After completing their homework, bad actors strategize. Pretexting involves fabricating or inventing a scenario to trick the target into divulging information or performing an action. The main goal in the pretexting stage is to build trust between the threat actor and the victim without causing suspicion.
Exploitation: After a relationship has been built, threat actors will attempt to steal sensitive information and gain initial access to a victim’s computer or company environment.
Execution: Finally, using this newfound access, threat actors attempt to achieve their end goal by infecting the target environment with malicious content, leading to a compromised network.
Closing:
To learn more about social engineering and measures you can take to keep your organization, download Social Engineering: What You Need to Know to Stay Resilient.
Reference link for the full story:
[White Paper] Social Engineering: What You Need to Know to Stay Resilient
This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity
#safeguardingdata #cynet #socialengineering