Social Engineering and the increasing problem of complex phishing attacks:
Security is only as strong as the weakest link in the chain. Regardless of what advanced technology you deploy and how many resources you have, the end user is always the weakest link, so organizations today need to address social engineering attacks head-on, and doing so must be part of their larger security defense strategy.
6/10/2024 · 2 min read
I was talking to my close friend Powell earlier this week, and he was telling me about the trouble he has had fighting off phishing attacks. Early last year, Powell got a letter from a service provider company explaining that, due to a security breach, his personal data, including email addresses, passwords and even social security numbers, may have been leaked and that his information is possibly being shared on the dark web. For the next 6 months, Powell received more letters from other vendors about similar breaches. During that period and up until recently, he noticed increased spam activity, and the phishing attacks against him grew more sophisticated.
Without going into too much detail, Powell shared with me a couple of phishing attempts that were apparently customized: one related to a wire transfer that he was asked to execute during his recent home purchase, and another related to a car rental. Luckily, Powell has developed a good habit of scrutinizing URLs before clicking on them and often verifies whether a suspicious email comes from a legitimate domain, so his due diligence paid off by thwarting these attacks, but it’s sure a dangerous world out there.
We are constantly multitasking, whether at work or during our personal interactions. Often, we use our mobile devices while also looking at another, bigger screen. Things happen fast, and as you can imagine, it’s easy to click on the wrong link during a moment of distraction or under stress. Clicking on the wrong link means inviting big trouble into your world. This can be costly on a personal level, but the cost to companies and large organizations is immense, and complex attacks often end with hefty ransomware demands.
Regardless of the size of your organization, here are some of the areas that are strongly recommended for improving security against social engineering attacks:
Social Engineering Periodic Training:
It’s important for companies to spend considerable time putting together training programs to help their employees learn more about phishing and how to protect against such social engineering attacks. Training programs will help foster a security culture that is critical to every organization in today’s world.
Zero Trust Architecture:
Zero Trust Network Access (ZTNA) requires that every interaction between an employee and a resource be inspected and monitored, which helps mitigate most attacks.
Network Segmentation:
Network segmentation minimizes the impact of a security breach, prevents lateral movement across networks, and gives the security team time to identify and isolate attacks effectively.
Other Controls:
Security appliances, whether deployed on-prem or in the cloud, may contribute to catching and/or mitigating phishing attacks.
For more information on how to better protect your organization from social engineering attacks, please contact Calpean.com.