InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
Social engineering is a prevalent attack tactic that relies heavily on human deception, the first step in larger campaigns to gain unauthorized access to systems, networks, data or finances. Social engineering works by persuading individuals to disclose
information that provides the foundation to launch almost every type of cyberattack against an organization. This piece explains some common social engineering tactics and provides insight to help you build a comprehensive organizational program.
Social engineering is one of the most common and successful forms of attack against organizations in all sectors. Social engineering attacks impact both public and private sectors across every vertical. According to the 2020 Verizon Data Breach Investigations
Report (DBIR), social engineering attacks were the top threat action leading to a breach. In addition, CSO Online
reports “phishing attacks account for more than 80 percent of reported security incidents” and “$17,700 is lost every minute due to phishing attacks.”
Social engineering attacks have a common four stage process:
READ: How to Advance Your Phishing Program to Address Ransomware
Social engineering is prevalent, successful and costly, resulting in financial and operational losses, and it negatively impacts an organization’s employees and reputation. Employee security awareness is the first step to prevention followed by policy and technical controls.
To prevent and mitigate the impacts of social engineering, organizations should:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 8, 2022
By IANS Faculty
Find best practices for ensuring the security of your organization’s OT environment using this checklist based on the Purdue Reference Model for industrial control network segmentation.
December 6, 2022
By IANS Research
Improve your attack surface management plan using 9 steps to mitigate risk and strengthen enterprise security posture.
December 1, 2022
Improve your vendor management program using six focus areas to benchmark program maturity and identify key pitfalls to avoid.