One of the most devious forms of cyber-attack is social engineering, or the gleaning of critical information about individuals or organizations through social media, email, or other social interactions. These insidious attacks pose a significant challenge to SOC teams because they rely on exploitation of your weakest link—people. As stated by Kevin Mitnick in his book, The Art of Deception, “A company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spend to technology is essentially wasted.”
The good news is that there are proven strategies for preventing damage from social engineering attacks. Through a two-pronged approach that involves training and technology, you can keep your systems, data, employees—and IT investments—safe.
Phishing, which is a form of social engineering, was the most commonly reported type of cyber-crime reported to the U.S. Internet Crime Complaint Center in 2020. These sophisticated attacks come through email, phone, or in person, and can fool even the most security-savvy professionals. However, with ongoing training and awareness campaigns based on phishing prevention best practices, you will improve employee vigilance and increase their detection of social engineering attempts. Your compulsory training should:
When creating training, you can refer to CISA’s Security Tip page for Avoiding Social Engineering and Phishing Attacks.
In addition to regular training, including reminders about phishing in company newsletters, blogs, social media, and on intranet sites continually raises awareness and reminds workers of the importance of remaining vigilant. You can also conduct phishing simulations by sending decoy emails and recording how your workforce responds. The results of these simulations can help shape and improve your training offerings and awareness campaigns.
By keeping the topic of phishing top of mind, your workforce becomes a force multiplier for security, preventing attackers from gaining a foothold into your systems.
Eventually, someone is going to click an infected link, respond to a socially engineered email, or provide credentials or system information to someone over the phone. These successful social engineering attacks give adversaries an attack path into your systems. When this happens, it’s critically important that you have tools in place that go beyond detection—you need a real-time, proactive cyber defense tactics built into your security stack to stop the attack before the attacker can do damage to your organization.
Proactive cyber defense is about shifting SOC teams’ mindset and operations to be engage earlier – rather than reactive or going on the offensive – and shaping your cyber environment (i.e., your networked assets, application stacks, and workloads) to your strategic advantage. It is an iterative and continuous process of investigation and discovery using threat intelligence, analytics, machine learning, threat hunting, and deception technologies to gain insights into known and unknown threats impacting your environment.
As defenders, you truly know your environment best and can use that information to protect your organization. A proactive cyber defense approach allows you to not only prevent or counter attacks—including successful phishing attempts—but to also to learn more about that adversary and better prepare for new attacks in the future.
Fidelis Cybersecurity®, the industry innovator in proactive cyber defense platforms, safeguards your enterprise before and after the attack. We continuously innovate to deliver unparalleled threat detection, deception, response, cloud security, and compliance capabilities. Fidelis Elevate®, an Active XDR platform, natively integrates deception technologies with detection and response for endpoint (EDR), network (NDR), and cloud. Fidelis Elevate lets you easily reshape the attack surface, lure adversaries away from critical assets, and neutralize threats before they damage your business. Fidelis CloudPassage Halo® provides defense-in-depth for cloud resources, with real-time visibility, threat detection, configuration monitoring, accelerated remediation, and powerful automation and integration capabilities to build proactive and predictive cyber defenses across your organization.