Social engineering attacks focus on convincing individuals to bypass security procedures so the attacker can gain unauthorized access to systems, networks and data, usually for financial gain. As a first step in larger cyberattack operations, social engineering tactics can cause large-scale damage by infiltrating systems, stealing sensitive data or releasing malware. This piece details social engineering best practices, providing guidance to prevent attacks and recommending ways to mitigate them.
While social engineering is a human-centered form of attack, preventive measures must address not only people but also policy and technical controls across the organization.
Even a strong cybersecurity culture is less effective without policies and procedures in place to provide documented guidance and enforce behaviors. Just as every employee is a potential target for social engineering, every policy and procedure should consider potential social engineering vectors and provide specific guidance on the steps to take to avoid a successful attack. Important examples include:
Once policies and procedures are established, it is critical to distribute them and to train employees on their most important elements. General employee training should cover key concepts such as:
Even organizations with comprehensive policies and procedures and well-trained employees have been the victims of social engineering. The third element of preventing and mitigating social engineering attacks is technology.
Some effective technologies include:
Even if your organization has a well-balanced social engineering prevention program, you may still be successfully attacked. A good defense-in-depth strategy must include not only prevention, but response and recovery as well.
For example, organizations should create:
Social engineering prevention and mitigation must cut across people, process and technology to be effective. While training users to be vigilant and aware is critical to preventing attacks, it is also important to have well-documented, easily accessible ways to report social engineering attacks, in addition to technical controls that supplement training and provide automated policy enforcement.
Employee education is the first line of defense against social engineering. If the entire organization is aware of the potential threats, your security strategies will be much easier to implement.
September 21, 2023
By IANS Faculty