Social Engineering’s Weakness? An Empowered Work Culture

One of our more popular posts last year dealt with creating a cybersecurity-conscious work culture. Today, we explore how your organization's culture can help prevent an increasingly common (and non-technical) tactic used by hackers: social engineering. The cultural aspect in question is how acceptable it is to challenge, or push back on, requests within your organization, especially urgent, unexpected, or unusual requests coming from senior leaders. We describe social engineering and its identifying features; what management and employees can do to create and participate in a culture that encourages pushing back; and how this change, when coupled with education and awareness, can help reduce the likelihood of social engineering succeeding and impacting the business.

What is Social Engineering?

Social engineering is a tactic used by threat actors to manipulate their target into revealing sensitive information (such as a username and password). It plays on the fact that people are generally inclined to trust and help one another. Threat actors leveraging this tactic will often attempt to invoke a sense of urgency, an incentive for participating, or the threat of consequences for not participating. One increasingly popular flavour of this tactic is to assume the identity of an internal authority figure, such as a senior executive, the IT team, or even the victim's direct boss, to deceive the victim into helping ‘them.’ When social engineers impersonate someone by creating a similar-looking email address, it is known as spoofing. Note that this tactic is no longer limited to email: social profiles and phone numbers are susceptible to spoofing as well. Legitimate email addresses and phone numbers can also be compromised, so that the message comes from a legitimate source but the person behind that source isn't its real owner.

What can you do?

There are several things your organization can do

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by IntelliGO Networks.