5 social engineering attacks that companies should be aware of and prevent

by Kelvin

15 | 09 | 21

  


Elevator dialogues and trashing are some of the techniques used, and knowing them is essential in order to prevent them.


2021-06-02 Updated 02 | 06 | 2021 09:27

Social engineering attacks

In recent years, cybersecurity has become one of the priorities for companies. However, at times, they forget or are unaware of the existence of social engineering, the practice of obtaining confidential information through manipulation of legitimate users.

This practice is a potential risk that already accounts for 93% of companies' security breaches, according to the Internet User Safety Office.

Social engineering attacks do not target technological devices, but rather what the social engineer considers the most vulnerable link: the user. The attacker uses tricks based on people’s conscious psychological responses – logic and reason – or subconscious ones, in such a way that they can be used to obtain personal information, passwords or bank details.

5 social engineering attacks that companies should be aware of and prevent

  • Making use of charity and reciprocity at companies' physical security controls. This technique is one of those most likely to go unnoticed by company security, since the people involved can be elderly people or children who, supposedly, urgently need to use the service or require some kind of favor. To avoid this, it is important that everyone who enters the company is correctly identified or previously authorized. In the latter case, it is recommended to collect the visitor's data.
  • Trashing. This type of attack is carried out mainly once inside the company's facilities, but also on the companies' waste containers on public roads. It is used to collect information from documents discarded by workers. The solution to this potential risk is to always shred all confidential and business-critical documents that are thrown away, so that they cannot be reconstructed to extract information.
  • Elevator dialogues. Moments in an elevator usually give rise to cordial, friendly conversations between its occupants, which make the journey in this small space more pleasant. For the social engineer, however, these conversations are the perfect opportunity to obtain information such as the names of managers or important areas of the company, which will later be used in their attacks. To prevent this, it is essential to avoid work conversations on elevator journeys shared with people from outside the organization.
  • Observing the wear of keyboards. Once inside companies, coworking spaces, libraries or coffee shops, social engineers can obtain information without talking to anyone or even touching anything. For example, by observing the wear on the numeric keypads of visible computers, they can determine which users use them the most and, therefore, who handles finances within the company. To help prevent this type of attack, it is important, for example, to always lower the lid when getting up from the workstation if working with a laptop. Likewise, in a public space, stay alert and move to another place if someone appears to be watching excessively.
  • Asking a company's receptionist or secretary for a sheet of paper to write down “something important”. Although this technique may seem harmless at first, social engineers hope to discover useful information on these sheets. If the sheet is taken from a notebook, they hope that the ink has bled through, or that the writing was pressed so hard that the sheet that was once on top has left its trace on the one handed over. If, on the contrary, it is a printed sheet that has been recycled, they look at the bottom of the page for the names of real computers and folders on internal servers and machines, in order to explore them later. To avoid this, it is essential to ensure that any sheet of paper given to someone outside the organization is completely blank and taken directly from the package.

According to Diego Barrientos, business security expert and instructor at Udemy for Business, “Non-technology attacks are more dangerous because they escape the detection radar of all enterprise software security tools. In this way, leaks can remain for several months, or even years, undetected, giving attackers the possibility of operating without limitations on the assets of the affected organizations.”
