We have all encountered instances of cyber-scams, such as spam emails and viruses that attack private and commercial computer networks daily. Oftentimes, software is installed in hopes of safeguarding systems; however, this does not always work. The security of information systems extends beyond firewalls, detection systems and other protective software – it involves the people operating those systems.
No matter how robust an organization’s system may seem, there is always the possibility of human error. Humans are often viewed as a weak link in the commercial chains of operation, though not always due to unprofessionalism. According to the 2014 Cyber Security Intelligence Index, “95% of all security incidents involve human error”.
Employees fall victim to more than just spam emails and viruses; they are also prey to individuals with malicious intent who physically steal documents and manage to obtain sensitive information by word of mouth. These more social forms of malicious attack are commonly referred to as social engineering.
Social engineering occurs regularly, with or without our knowledge, and it is important for employees to be aware of the tell-tale signs.
Social engineering refers to the art of manipulating people into giving up confidential information. Social engineering often occurs under two different categories: computer-based deception and human-interaction-based deception. These two forms of social engineering manifest themselves in a variety of ways, including, but not limited to:
- Phishing Scams – To gather personal and financial information, generally, through emails disguised as legitimate ones.
- Pretexting – To obtain information under false pretenses. Example: A Pretexter claims to be calling from a survey firm.
- Diversion Theft – To have information changed from its intended destination to another.
- Baiting Scenarios – To tempt an employee into creating a weakness in a company’s network.
- Quid Pro Quo – A favor or advantage granted in return for something.
Many mitigation practices exist; however, the primary solution to social engineering involves security through education. Focusing on training individuals to detect risks and breaches to their systems provides an additional key safeguard. This also encourages employees to be more vigilant with their technological use.
Individuals often take it one step further and conduct an assessment test, and though helpful in mitigating the issue at hand, it is not a sustainable system of operation.
How Wilson Consulting Group Can Help
At Wilson Consulting Group (WCG), we take this process one step further. WCG offers top of the line risk management consulting services to safeguard clients against instances of social engineering.
WCG is committed to assisting clients in the following:
- Developing Breach Preparedness Programs
- Constructing a viable Education and Training Plan
- Creating and implementing Social Engineering Awareness and Prevention Programs
- Conducting Social Engineering Risk Assessment Exercises
WCG also takes strategic approaches to mitigate the occurrence of social engineering breaches by thoroughly testing potential points of attack in order to identify all vulnerabilities.
WCG advises that you keep in mind that not everyone knows the different styles of cyber-attacks that hackers may use. All it takes is an employee clicking on one malicious email and your company’s confidential information, personal employee information, or payment card information can be at risk. Businesses and government entities need to ensure that they increase employee awareness of these issues to help protect themselves.