Monday, February 15, 2010

Social Engineering: Train Your Employees to Spot and Stop the Scams

You've invested smartly in information and physical security, and think your organization is safe from external attacks? Well, the strongest defenses in the world are worthless if someone leaves the gate open. That "someone" is any one of your well-intentioned employees, and the key to the "gate" is that individual's susceptibility to social engineering. You need to be up to date on:

• The Latest Social Engineering Scams;
• Why Social Engineering Is So Effective;
• What Happens After You Have Been "Socially Engineered";
• Proactive Measures To Mitigate the Effects of "Being Socially Engineered";
• How to Test Your Employees' Preparedness;
• How to Test the Effectiveness of Your Awareness Efforts.

Despite all the media hype about hackers and viruses, the greatest threats to an organization's information security are the employees of the company. They're the ones who too often, too willingly, fall victim to Social Engineering ploys and open the doors wide to slick-tongued fraudsters.

When an intruder targets an organization for attack, be it for theft, fraud, economic espionage, or any other reason, the first step is reconnaissance. They need to know their target. The easiest way to conduct this task is by gleaning information from those who know the company best. Their information gathering can range from simple phone calls to dumpster diving. It is not beyond an attacker to use everything at their disposal to gain information. Much like the telemarketer who badgers an elderly couple into investing in fraudulent stock, a social engineer uses all the tricks in the book to obtain the goal.

Being aware of these types of attacks, educating your employees about the methodologies of the attacks, and having a plan in place to mitigate them are essential to surviving these manipulations. Such a plan should focus on the core issues of social engineering: its methodologies, its effectiveness, and its prevention. The core components of a social engineering program should include:

• Identifying the many forms in which the attack may occur;
• Understanding the intention of the attack;
• Educating the potential victims;
• Creating a policy to minimize the impact of the attack;
• Testing employees' abilities to sniff out social engineering scams;
• Managing a program to ensure that ongoing reviews and updates are in place;
• Regular testing to ensure the effectiveness of your training initiatives.

Remember, everyone is susceptible to "being Socially Engineered."
