Business Daily Media

How businesses can stop social engineering attacks

  • Written by Tyler Moffitt, Sr. Security Analyst at OpenText Security Solutions


Recently, the Australian Cyber Security Centre (ASCS) launched a new online tool to help businesses assess if they’ve been hacked and guide them on how to respond in certain scenarios, including ransomware attacks, malware, email compromises and identity theft. While it's important for businesses to have a reactive plan in place to focus on re-establishing cyber resilience in a time of crisis, it’s also important for businesses to have a preventative plan to minimise the likelihood of such scenarios in the first place.

Awareness is the key to prevention

The top cause of cybersecurity breaches is social engineering. Social engineering attackers use deception and tricks to get employees to willingly give up private information like logins, passwords and even bank information. As such, phishing is the most common type of social engineering, and it grows year over year while also becoming more convincing and difficult to spot.

OpenText Security Solutions’ mid-year 2022 BrightCloud Threat Report found 46 per cent of all successful phishing attacks used HTTPS – a 14 per cent increase from 2021. Brands such as Google, Apple and PayPal were among the top ten so far this year for credential phishing, a process of obtaining login information from users. The report also showed consumers are almost twice as likely to experience an infection than business counterparts, but with more employees using personal phones and tablets for work, businesses must remain vigilant.

So, what exactly makes social engineering effective and how can businesses stop these types of attacks before sensitive data is stolen and potentially held for ransom?

Spotting attempts and stopping attacks

Phishing and impersonation attempts are common tactics used by cybercriminals to trick individuals into giving away sensitive information or access to their accounts. These attacks can be difficult to spot, but there are some signs that employees can look out for to protect themselves and their organisation from falling victim to these scams.

One common tactic used by phishers is to send emails that appear to be from a legitimate source, such as a bank or a well-known vendor the employee’s company works with regularly. These emails often contain urgent language and may request that the recipient take some sort of action, such as clicking a link or entering login credentials. Employees can spot these scams by being cautious of any unsolicited emails and by examining the sender's email address carefully. If the address looks suspicious or unfamiliar, it's best not to click any links or provide any information.

Another tactic that cybercriminals use is impersonation, where they try to pretend to be someone else in order to gain access to sensitive information or accounts. This can happen through email, social media, or even over the phone. Employees can protect themselves by being cautious of any unexpected or unusual communication, and by verifying the identity of the person they are communicating with before providing any sensitive information.

Overall, the key to spotting phishing and impersonation attempts is to be cautious and vigilant. Employees should be on the lookout for any suspicious or unexpected communication. They should never provide sensitive information or access to their accounts without verifying the identity of the person requesting it. By being aware of these tactics and taking appropriate precautions, employees can help protect themselves and their organisasion from falling victim to these scams.

Threat actors prey on a weak cybersecurity posture. Because social engineering attacks take aim on the human element of cybersecurity, organisations need multiple layers of protection to defend against phishing tactics, old and new. By adding email threat protection to their solution stack, security teams can catch over 99% of threats before an employee is even tested and has a chance to hand over personal info.

It is also important to complement technology with security awareness training, arming users with the knowledge they need to pivot and stay ahead of cybercriminals’ around-the-clock reinvention of malware, phishing, and brand impersonations. Phishing simulation is key and plays an important role to find out which of your employees can improve their phishing resilience and who are the biggest risks that might need some tweaks on access control. Each layer a business strengthens ensures a better chance of stopping social engineering scams, keeping data and sensitive information safe.

Why Should Your First Home Be a Custom Build?

Are you in the market for your first home? If so, you may be wondering if you should buy an existing home or build one from scratch. There are pro...

Property

Essential Considerations Before Removing a Tree in Sydney's Inner West

Tree removal is a significant task that requires careful deliberation, especially in urban environments like Sydney's Inner West. It involves unders...

Property

Why the Building Sector will be hit HARD in 2024

Since February, 2023, there has been an upswing in housing values even with rate rising measures by the Reserve Bank of Australia. The same growth i...

Property

The Rise and Rise of Cyber Threats: Why Due Diligence is More Important Than Ever

It’s no surprise that Australia, like many countries, is facing a rise in cyber security threats with the latest Australian Cyber Security Center ...

Business Training

Strengthening information security: A vital step forward for businesses in wake of cyber attacks

In an era where cybercrime is on the rise, businesses are facing an unprecedented threat to their clients' private information. As the Australi...

Business Training

What to Look for in a Point of Sale System

When you're looking for a point of sale system for your business, there are a lot of things to consider. What type of business do you have? How ma...

Business Training