Social engineering attacks focus on convincing individuals to bypass security procedures so the attacker can gain unauthorized access to systems, networks and data, usually for financial gain. As a first step in larger cyberattack operations, social engineering tactics can create large-scale damage by infiltrating systems, stealing sensitive data or releasing malware. This piece details social engineering best practices, providing guidance to prevent attacks and recommending ways to mitigate them.
While social engineering is a human-centered form of attack, preventive measures must address not only people, but also policy and technical controls across the organization.
Even a strong cybersecurity culture is less effective without policies and procedures in place to provide documented guidance and enforce behaviors. Just as every employee is a potential target for social engineering, every policy and procedure should consider potential social engineering vectors and provide specific guidance on the steps to take to avoid a successful attack. Important examples include:
Once policies and procedures are established, it is critical to distribute them and have employees trained on the most important elements. General employee training should cover key concepts such as:
Even organizations with comprehensive policies and procedures and well-trained employees have been the victims of social engineering. The third element of preventing and mitigating social engineering attacks is technology.
Some effective technologies include:
Even if your organization has a well-balanced social engineering prevention program, you may still be successfully attacked. A good defense-in-depth strategy must include not only prevention, but response and recovery as well.
For example, organizations should create:
Social engineering prevention and mitigation must cut across people, process and technology to be effective. While training users to be vigilant and aware is critical to preventing attacks, it is also important to have well-documented, easily accessible ways to report social engineering attacks, along with technical controls that supplement training and provide automated policy enforcement.
Employee education is the first line of defense against social engineering. If the entire organization is aware of potential threats, your security strategies will be much easier to implement.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
February 29, 2024
By IANS Research