How to Prevent Social Engineering Attacks In 40 Minutes
Sponsoring Organization: NetCom Learning
Social engineering attacks target the so-called human firewall: the people who remain the last line of defense once technical controls are bypassed. Social engineering is the art of convincing people to reveal confidential information or to grant access they should not. Human behavior is the weak point, because no hardware or software control can stop a person from being talked into handing over a password or holding a door open; awareness and procedure are the main defenses. A typical attack follows a cycle: the attacker researches the target company, selects a victim, develops a relationship with them, and then exploits that relationship.
- Human-Based Social Engineering
  - impersonation
  - vishing (voice phishing over the phone)
  - voice changing during calls
  - eavesdropping
  - shoulder surfing
  - dumpster diving
  - piggybacking
    - an authorized employee lets an unauthorized person into a secure area because the person claims to have lost or forgotten their ID
  - tailgating
    - entering a secure area by closely following an authorized person through the door
    - often done while wearing a fake ID badge so the follower looks like they belong
  - honey trap
- Computer-Based Social Engineering
  - pop-up windows
  - instant messaging / chat
  - spam email
  - phishing
- Mobile-Based Social Engineering
  - publishing malicious apps
  - repackaging a legitimate app with malicious code
  - smishing (SMS phishing)
- Social Engineering Countermeasures
  - password policies
    - minimum length and required character types
  - physical security policies
  - Defense Strategy
    - train individuals on security policies
    - implement proper access privileges (least privilege)
    - proper incident response
    - resources available to authorized users only
    - background verification and proper termination of employees
    - antivirus/anti-phishing defenses
    - multifactor authentication
    - change management
    - regular software updates
    - password policies (as above)
The best policy is to train individuals on security policies. Anyone can be attacked; what matters is how the attack is recognized and dealt with. Using multiple methods of verification and authentication (for example, calling the requester back on a known number, and requiring multifactor authentication for logins) limits what a single successful deception can achieve. Double- and triple-checking messages and emails also matters: a logo and a display name are trivially copied, so the actual sender address and domain must be checked against what is known to be legitimate. OhPhish is a web-based portal that simulates phishing against employees to measure how susceptible the organization is.
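As an added illustration of the "check that the address is legitimate" advice (this is example code written for these notes, not something from the talk or from OhPhish), the function below inspects a mail `From:` header against a list of domains the organization trusts. It flags a display name that claims a trusted brand while the address is elsewhere, a domain that is a typo or homoglyph near-miss of a trusted one, a trusted domain used only as a leading label (`paypal.com.evil.net`), and punycode domains that deserve a closer look. The trusted-domain list, the confusable-character table and the sample headers are all constructed for the example.

```python
"""Sender-address checks for suspicious mail (illustrative example).

Assumptions: `trusted_domains` is a list the organization maintains; the
CONFUSABLES table is a small illustrative sample, not an exhaustive list.
"""
from email.utils import parseaddr
from typing import List

# Characters attackers commonly swap for a visual near-match (assumed sample).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case the domain and fold common look-alike substitutions."""
    d = domain.lower().strip()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, so typosquats such as 'paypa1.com'
    or 'micosoft.com' land within one or two edits of the real name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, trusted_domains: List[str]) -> List[str]:
    """Return human-readable findings for a From: header; empty means nothing odd."""
    findings: List[str] = []
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["malformed From: header"]
    domain = addr.rsplit("@", 1)[1].lower()
    trusted = [t.lower() for t in trusted_domains]

    # Exact trusted domain, or a real subdomain of it: the address is fine.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return findings

    # Internationalized domains can hide homoglyphs; worth a manual look.
    if domain.startswith("xn--") or ".xn--" in domain:
        findings.append("punycode (IDN) domain, inspect for homoglyphs")

    for t in trusted:
        brand = t.split(".")[0]
        # Brand claimed in the display name, but the mail comes from elsewhere.
        if brand in display.lower():
            findings.append(f"display name claims {brand!r} but address is @{domain}")
        # Trusted domain used as a leading label of an attacker-controlled domain.
        if domain.startswith(t + "."):
            findings.append(f"trusted domain {t} used as a sub-label of {domain}")
        # Typo or homoglyph near-miss of the trusted domain.
        elif edit_distance(normalize(domain), normalize(t)) <= 2:
            findings.append(f"{domain} is a look-alike of {t}")
        # Brand embedded in an unrelated domain, e.g. paypal-secure.com.
        elif brand in normalize(domain):
            findings.append(f"{domain} embeds the brand {brand!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not captured mail.
    samples = [
        "PayPal Support <service@paypal.com>",
        "PayPal <billing@paypa1.com>",
        "IT Helpdesk <helpdesk@paypal.com.account-verify.net>",
        "Microsoft Account Team <no-reply@micros0ft-login.com>",
        "PayPal <x@xn--pypal-4ve.com>",
    ]
    for hdr in samples:
        print(hdr, "->", check_sender(hdr, ["paypal.com", "microsoft.com"]) or "ok")
```

The check is deliberately conservative about what it trusts: only the exact domain or a genuine subdomain of it passes, and everything else is scored against the brand name, the folded spelling and the edit distance, which is how most mass-mailed phishing domains are built.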