Culture of Security: Preventing Social Engineering Attacks

It is estimated that damages from malicious cybersecurity attacks could amount to as much as $6 trillion by 2021, with businesses falling victim to these attacks every 11 seconds. With recent attacks plaguing organizations like Twitter and the World Health Organization, it is imperative that businesses further develop a culture of security within their organization.

Social engineering attacks are the most common form of cybersecurity attack, accounting for 70-90% of all malicious security breaches. These techniques exploit human vulnerabilities through psychological manipulation and commonly include:

Phishing – The most common social engineering technique, in which sensitive data is fraudulently obtained by hackers disguised as a trustworthy entity in an electronic communication.

Watering hole – A hacker infects websites that their target visits with malware. Once the victim visits the compromised website, malware is installed on the victim's device.

Whaling attack – Whaling is a targeted spear-phishing attack aimed at an organization’s senior executive. Fraudulent communication that appears to be from the targeted executive is sent to non-specific individuals in an attempt to deceive them into performing a secondary action such as sharing sensitive information or initiating a funds transfer.

Baiting and quid pro quo attacks – Baiting occurs when a hacker promises a good to deceive victims. A quid pro quo attack is a variant of baiting. Instead of baiting a target with the promise of a good, a quid pro quo attack promises a service or a benefit in exchange for the execution of a specific action.

Tailgating – Also known as “piggybacking,” tailgating involves an attacker seeking entry to a restricted area that lacks the proper authentication.

From January through June of 2020 there were 540 reported data breaches affecting more than 163 million people. These attacks included the aforementioned coordinated social engineering attack on Twitter that was masterminded by a 17-year-old hacker. This attack solicited people into sending cryptocurrency on behalf of celebrity accounts including former Vice President and current Democratic presidential candidate Joe Biden, Bill Gates, Elon Musk and Kim Kardashian-West.

“A Look at the Latest Cyber Attacks on Business in 2020” shows that phishing emails accounted for 31 percent of all attacks. Shark Tank host Barbara Corcoran was scammed out of $388,700.11 when a hacker impersonating her assistant emailed an invoice to her bookkeeper for a real estate renovation. The money was wired directly to the account listed on the invoice, as it appeared to be a legitimate transaction.

It is imperative that organizations create a culture of security through education, training and the implementation of security best practices such as:

  • Create and document security policy in clear, easy-to-read language.
  • Present engaging training programs to employees that include relatable cyber threat scenarios.
  • Foster security-centric behavior by making security everyone’s responsibility.
  • Download and post our Security Best Practices Do’s & Don’ts list in a visible area as a reminder.

Human behavior with technology impacts cybersecurity just as much as hardware, software, and networking technicalities. Developing and sustaining an effective culture of security is an essential component in protecting your organization against social engineering attacks.

For additional tips on how to develop a culture of security within your organization, read 10 Tips For Online Security and Is Your Business Secure on our website.

Computer Business is a full-service information technology (IT) company offering a comprehensive suite of IT services ranging from IT Managed Services and Security to innovative custom-designed solutions. Computer Business has a worldwide client base in a broad range of industries including health care, law enforcement, financial, legal, technology, real estate, logistics, government/municipalities, B2B and B2C, and the U.S. military.

Serving Central Florida for more than 24 years, Computer Business is very engaged within the community, providing strong support for education in both Orange & Lake counties, WMFE-FM, the flagship National Public Radio (NPR) station in Orlando, and the arts through the United Arts of Central Florida, the Orlando Shakes in partnership with UCF, and the Enzian Theater. Computer Business also supports entrepreneurship and is an active trustee for both the South Lake and West Orange Chambers of Commerce, and an executive member of the Orlando Chamber.