Social engineering attacks turn employees into biggest enterprise security risk

4 November, 2014

While many companies take abundant caution when it comes to the security of their data – encrypting information, instituting password protection, etc. – all is for naught if employees readily give away sensitive information to cybercriminals. Most workers don't even know they've provided the necessary data to hack into an enterprise network until it's too late. Those unfortunate souls who have handed over the keys to the castle have been hit with what is known as a social engineering attack, and it's one of the hardest forms of cybercrime to protect against.

There are a variety of social engineering techniques employed by hackers. Some are as simple as posing as an IT worker on a phone call and asking for login details because of a phony system glitch, while others use easily-accessible personal information to craft emails specific enough to seem authentic in order to gain access to credit card data or email account information.

The personal information used in the messages can fool even the most cautious of readers. The most recent installment of the McAfee Phishing Quiz, which as of early October had more than 30,000 participants, discovered that 80 percent of those who tried it fell for at least one phony email in the 10-question quiz – and participants in the IT field didn't fare much better. While IT and research and development professionals had the best scores among business users, they only managed to correctly detect phishing emails 69 percent of the time, CSO Online reported.

A recent batch of phishing emails seeks to capitalize on the current climate of fear surrounding the Ebola epidemic by posing as messages from the World Health Organization, supposedly containing information about how to combat the virus. Once a victim clicks on a link that claims to share safety guidelines, the DarkComet Trojan is installed on their device, giving the attackers remote access to the machine.

While a large number of social engineering attacks are aimed at users' personal information, an increasing number of cybercriminals are attempting to gain access to large corporations through phishing schemes that target employees. According to a recent report from security firm Symantec, data breaches resulting from spear phishing attacks increased 62 percent last year, and they are on track to grow again in 2014.

Greater access to information encouraging growth of social engineering

As former White House CIO Theresa Payton noted in an interview with CSO Online, the growing amount of openly available information about a company makes it easier for attackers to craft targeted messages that trick employees into giving up access to privileged systems.

"They figure out who the executive team is, the law firm, the names of the corporate servers, current projects, vendor relationships and more," said Payton. "They use the reconnaissance, which can often be done in less than a day, to create sophisticated social engineering attempts."

One way to mitigate the risk of employee error is to implement security information and event management (SIEM). Enterprises using a managed SIEM service receive constant monitoring of their networks and systems, allowing them to identify anomalous behavior that might indicate a security breach. All recorded event activity can then be analyzed and used to inform a more comprehensive cybersecurity framework. With a SIEM solution in place, organizations gain peace of mind and can better ensure the security and privacy of sensitive data.