Combat Social Engineering, Phishing and Ransomware
Date: Jul 27, 2015
Pete Sherwood, CTO, Infosec Cloud
One of the greatest threats to information security is likely to come from within your company or organisation, with uninformed users responding to phishing e-mails, opening trojan attachments and visiting cloned websites infected with malware.
Company email addresses are relatively easy to find, as they are public-facing data, and there is an entire industry built around lead generation using information freely available to the public. With this information, cyber criminals can easily launch social engineering, spear-phishing and ransomware attacks on your organisation.
Social engineering is when a hacker uncovers vital information about an individual and uses it to attack them. One technique is to send out emails claiming to be from various websites and companies, asking recipients to click a link and enter their email address and password to ‘confirm’ their accounts.
This type of attack is very hard to defend against.
Technology can of course make some kinds of cyber attack more difficult to commit, but even the very strongest security technology can be overcome by a clever social engineer. That’s why ongoing security awareness testing and training for end users is essential.
Organisations can only fully combat social engineering, phishing and ransomware attacks by instituting regular employee security-awareness testing and training. We all need to be vigilant, look out for fake emails and websites, and know what we should and shouldn’t do.
Employees can and should be the last line of defence.
Infosec Cloud provides a managed Security Awareness Testing and Training (SATT) service in which simulated phishing emails are sent to employees. This system then helps employers to pick out which users are a threat to security through social engineering, and to provide the necessary remedial training.