There is no shortage of attack vectors for cybercriminals, and therefore, no shortage of attacks. Even when the security community has "solved" an issue, there's always another one just about to arise. And the results can be disastrous.
In fact, the most recent Ponemon cyber crime study found that "on average, cyberattacks cost companies $7.7 million in 2015, representing a 1.9% increase over 2014."
Protection against these attacks often falls to the IT department, who install firewalls and threat detection, but can't protect against all types of attack. Specifically, technology can only do so much against social engineering, which is one of the top 4 most costly attack types, according to Ponemon.
Social engineering attacks: hidden and costly
Social engineering has likely been around since humans began forming greater societies, but it only just began to gain cybersecurity notoriety as we moved further into our digital world and technologically focused attacks grew in scope, frequency and publicity. Today, the exploitation of human emotion is just as much of a threat to a business as the exploitation of clear technological vulnerabilities, and it boasts just as many serious consequences, too.
Despite those consequences, many companies neglect to devote energy to awareness training for employees. If you want to protect your business from social engineering attacks, you have to help them become both aware of the threat and comfortable enough to address a situation as it happens, rather than after the hacker has left the building (or received a response, or locked up your data access), damage done.
Social engineering: Not just building entry
Social engineering isn't just about in-person manipulation. In fact, it takes many attack forms, including those sent via email or those that occur over the phone. For employees, learning to identify those attacks and recognize their own emotional vulnerabilities is a crucial factor in their ability to help your business avoid harm.
In this ebook, you'll learn:
- Why social engineering presents a risk to your small business
- Which types of social engineering you should look out for
- How social engineering might look to an outsider
- How to mitigate threats
Examining threat types can inspire you to proactively avoid varied social engineering attacks. Even if you face an attack that doesn't squarely align with the types outlined in our most recent ebook, you'll be more ready to deal with it and to teach your employees how to spot it, too.
Originally published on 10/25/2016