Social Engineering is a Bigger Problem Than Ever in 2020. Here’s How to Fight Back.
Cybercriminals these days are a lot smarter than you might think. Just like any other business, cybercrime gangs are always looking for ways to break through with a slick new attack style that scores them a big payday before cybersecurity professionals even have it on their radar. One of the most successful areas of expansion for cybercrime in 2020 has been social engineering.
A major component of phishing-related cybercrime, the premise behind social engineering is very simple: to influence the target to take an action. Whether that action is to buy a certain brand of coffee, share a news story, or click on a link in a phishing email, social engineering is a common tactic in all sorts of business operations for one simple reason: it works.
Recent examples illustrate some of today’s craftiest social engineering tactics. For example, take a dull, routine subject like compliance. It’s both complicated and constantly changing, with huge penalties for violations. Cybercriminals know that GDPR fines are a specter that haunts most European businesses – and detailed information about many businesses is an easy score on the Dark Web.
So why not try out a cleverly disguised social engineering trick by creating an email that’s designed to look like it’s from a consultancy helpfully informing you that there are new regulations about email security that you might not be compliant with. Of course, their company can help. They may “already be working with you to resolve the problem”, and they just need a little bit more information. You know the rest of this story.
Or, at larger companies, the classic access scam. A contractor or service for your corporation contacts you, maybe even by phone. He is trying to repair something crucial that’s just broken fast. It’s a big problem, the bosses are mad, and they have a quick fix to temporarily patch it until they can fix it. They just need a password that gives them access to a certain system, and they were told that you’re the person to talk to. Password sharing is so endemic, most staffers will hand theirs right over.
This may not sound like a plausible scenario to you, and you’d probably be inclined to ask for more proof – and you’d be right, it’s a scam. But many employees won’t recognize it, even at big tech companies where you’d expect them to know better. After all, this sequence of events is exactly what happened to cause the giant Twitter breach earlier this year.
Fighting back against social engineering means fighting back against cybercriminal trickery with education. Security awareness training, especially phishing resistance training, is every company’s best bet for teaching employees to spot and stop social engineering attacks. Companies that engage in regular security awarenesstraining have up to 70% fewer cybersecurity flubs.
BullPhish ID is the answer for your clients. Not only can it be easily configured for companies and test groups of any size, but it’s also ideal for both in-office and remote workforce training. It’s easy to manage and easy to use. Plus, phishing resistance training doesn’t just help companies defend against phishing – it increases overall security awareness too.
The best training is training that people remember. BullPhish ID delivers on that front, with information presented in bite-sized pieces that are easy to understand no matter how tech-savvy your staffers are in 8 languages. Engaging video lessons make BullPhish ID the perfect tool to use when training employees and online testing enables you to quickly determine who needs extra help.
Research indicates that employees retain the skills that they gain from training for about 4 months before they disappear, but don’t lose skills if their training is regularly updated. BullPhish ID has the content you need, with over 80 complete phishing simulation kits are ready to go, with 4 new kits added every month. Plus we add training on all the latest threats, including COVID-19 lures.
No comments:
Post a Comment