What is Social Engineering and how does it intrude on your business?
We have spoken a lot about social engineering in our recent blogs, but as it is now at the forefront of cyber-attacks we thought it was important to address three questions: What is social engineering? How does social engineering affect businesses? And how can you stop social engineering in your business?
What is Social Engineering?
Hackers are now exploiting human error to carry out cyber security attacks on businesses. This means the attack does not come from a hacker sitting behind a screen, using sophisticated software and programs to hack into your computer or accounts; instead, they push people into making mistakes or taking actions which give them access to your systems. This could be done by sending fake invoices to your accounts department or by asking you via email to change the bank account details for a company.
Why is Social Engineering effective?
Security policies are only as strong as their weakest link. There are four phases that a hacker will go through to breach your security:
- Research target company
- Select victim
- Develop relationship
- Exploit relationship
Hackers look into human behaviour and abuse the human tendency to trust. Many factors make companies vulnerable to malicious attacks, including insufficient security training and a lack of security policies. It is crucial nowadays to make sure that you have the appropriate software in place to try and prevent these attacks.
Social engineering can start with a whaling attack. Whaling scams are emails disguised as critical business emails that appear to come from a legitimate business authority. A large social media platform, Snapchat, received an email sent to its payroll department that pretended to come from the CEO and asked for employee payroll information. The financial executive of Mattel, a toy manufacturer, also received an email from a scammer pretending to be the newly appointed CEO and requesting a $3m money transfer, and the scammer succeeded. Whaling is similar to phishing in that it uses methods such as email and website spoofing. Convincing, authentic-looking phishing emails trick the target into performing specific actions such as transferring money. These emails are usually circulated to accounts and finance departments on a Friday in an attempt to put pressure on the end user and force errors. The sender addresses used in whaling look very similar to your organisation's email addresses, and the emails even use your company's logo, all with the aim of catching you out.
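As an added illustration (not part of the original article), the sketch below shows how a mail filter could flag the two whaling traits described above: sender domains that closely resemble your own, and executive names arriving from outside domains. The domain `northwind.example`, the executive name and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

ORG_DOMAIN = "northwind.example"   # assumption: your organisation's mail domain
EXECUTIVES = {"jane doe"}          # assumption: names attackers may impersonate
THRESHOLD = 0.85                   # assumption: tune against your own mail flow

# Digits commonly swapped in for letters in lookalike domains.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def normalise(domain: str) -> str:
    """Fold common visual substitutions so 'n0rthwind' compares as 'northwind'."""
    folded = domain.lower().translate(DIGIT_SWAPS)
    return folded.replace("rn", "m").replace("vv", "w")


def classify_sender(from_header: str) -> str:
    """Classify a From header. Exact-domain spoofing is out of scope here;
    that is what SPF, DKIM and DMARC checks are for."""
    name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        return "internal"
    a, b = normalise(domain), normalise(ORG_DOMAIN)
    if a == b or SequenceMatcher(None, a, b).ratio() >= THRESHOLD:
        return "lookalike-domain"
    if name.strip().lower() in EXECUTIVES:
        return "executive-name-external"
    return "external"


def flag_messages(from_headers):
    """Return (header, verdict) pairs that deserve a manual check."""
    suspicious = {"lookalike-domain", "executive-name-external"}
    verdicts = ((h, classify_sender(h)) for h in from_headers)
    return [(h, v) for h, v in verdicts if v in suspicious]


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        "Accounts <accounts@northwind.example>",
        '"Jane Doe" <ceo@n0rthwind.example>',
        '"Jane Doe" <jd@mailbox.example>',
        "Bob <bob@supplier.example>",
    ]
    for header, verdict in flag_messages(samples):
        print(f"{verdict:26} {header}")
```

A flagged message is a prompt to verify the request through a second channel before any payment or data is released.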
What is the potential impact of a cyber attack?
A cyber security attack can have many fatal impacts. An attack can result in economic losses. There is also the cost of lost reputation and goodwill. If your company experiences a security breach, it could give hackers access to your business's database, meaning your clients' information, such as credit card details, personal data and sensitive business information, is vulnerable. This puts your business in a difficult position and in many instances has resulted in businesses' reputations being ruined. Furthermore, your clients could initiate a lawsuit against your business, which can have a severe impact on its reputation. It can also result in temporary or permanent closure.
How to protect your business against a cyber attack
Involve the police. Make sure you have the right anti-virus solution in place and learn how to use it. It is vital to invest in robust security practices. Encourage key staff members to maintain a healthy level of suspicion when it comes to unsolicited contact, especially if it involves finance. The main thing to do is to talk about it; don't hide it!
Hackers are now using social engineering to attack businesses, which means the attacks are more targeted at individuals and use personal details to gain the trust of the user. If you have any concerns about social engineering and whaling emails, please contact our support help desk – firstname.lastname@example.org