Around the world, businesses of all sizes and services spend huge sums of money and man-hours attempting to prevent security breaches — but the biggest threat to security cannot be prevented by firewalls, encryption, and user authentication. In fact, the largest threat to a company’s security is from its own personnel.

Symantec, one of the largest providers of antivirus and security suites, estimates that 97 percent of all data breaches are a result of attacks aimed at people. Verizon also stated that most breaches are a result of social engineering, accounting for about 90 percent of all attacks. So, what exactly is social engineering and how can we prevent attacks? Here’s what you need to know.

What is Social Engineering?

Social engineering is exploiting and manipulating people to give up critical information so an attacker can enter a secure environment. It is cross-platform, meaning that it does not matter if a user is on Windows, Linux, Apple OS, Android, or any other operating system.

Firewall software and appliances can’t stop these kinds of attacks — even the best encryption and network topologies can’t prevent them. There are no software or hardware solutions to these breaches. If a person is fooled and gives out information, especially authentication information, then the perpetrator can attack any system or device.

What Happens During a Social Engineering Attack?

Typically, these attacks use emails, texts, or phone calls to try to trick the victim into giving up personal information. You might receive an email with a logo and signature that looks official. Social engineering attacks frequently spoof email addresses so they appear to be from legitimate sources. By phone, the caller will often pose as a government agency, such as the IRS or local law enforcement. Attackers have even posed as family members claiming to be in trouble and in need of financial help.

Unfortunately, social engineering attacks can be very lucrative for the attacker. Personal information is for sale on the dark web. A user’s personal information, such as social security numbers and credit card information, is a valuable commodity. When a company experiences a large data breach, it can expose millions of its customers to potential identity theft. Consider the recent attack at Equifax — it may have exposed sensitive information for more than half of the United States’ population.

When companies are breached, it results in a loss of credibility with their current customers and could cost them the trust of future customers. It also exposes the company to potential legal action for losses their customers have suffered.

How Do You Prevent a Social Engineering Attack?

The only way companies and individuals can truly protect themselves from these threats is through education and good judgment. Employees should be offered training to learn how to identify these kinds of scams. Individuals should use good judgment and scrutinize any and all requests for sensitive information.

A good rule of thumb is to think about why the person emailing, calling, or texting you is requesting the information and what harm could be done by releasing it. Before clicking on any link in an email, text, or website, examine the source and make sure it is legitimate. If possible, stop and investigate the source before taking any further action.

Remember, only you can prevent social engineering!

If you're interested in learning more about how imageOne can help with secure printing and document workflow, we'd love to talk. Contact us anytime!
