Addressing this Concern: In the case of the careless employee, lack of awareness and lack of diligence play large factors in data loss. IT professionals can help mitigate the risks by ensuring that corporate policies and procedures that include language on professional conduct with company data and increase efforts to communicate these to employees. Taking an extra step to ensure that devices have remote wipe capabilities in the event that a phone or laptop falls into malicious hands. In the case of disgruntled employees, monitor for suspicious behaviors, particularly following a bad review or probationary period.
Rather than using high-tech hacking techniques, social engineering attacks happen when a malicious party gains access to company systems or data by exploiting human psychology. A social engineer may strike by calling employees posing as a trusted vendor or member of the IT team that needs confidential information, like passwords and email addresses, to rectify an issue with the server. Or they may try to gain access to company networks through "spear phishing," sending through an email pretending to be a friend inviting the employee to click on a link.
Once the malicious party strikes, it's not hard to penetrate deep into a company's networks and databases. Today's social engineers are extremely savvy, often studying companies prior to launching an attack, becoming familiar with their activities and lingo while projecting confidence and using reason to disarm social engineering victims.
Addressing this concern: Raising awareness is of the utmost importance when combatting social engineering. Creating a communication campaign that highlights real-world examples can help employees recognize that social engineering attacks are real and can take various forms. Employees should also be encouraged to report suspicious behavior to IT managers.
The threat landscape is ever evolving and as firewalls, anti-malware and other high-tech defenses make company databases harder and harder to penetrate from the outside, hackers will look to hack human assets to gain access to confidential information. IT professionals and leadership need to take steps now to put defenses in place along with company policies to safeguard against these low-tech threats.
Sign up for Computerworld eNewsletters.