
Proactive Defense Against Social Engineering: From Awareness to Action

One of the most devious forms of cyber-attack is social engineering: manipulating people, through email, phone calls, social media, or face-to-face contact, into divulging sensitive information or taking actions that benefit the attacker. These attacks pose a significant challenge to SOC teams because they exploit the weakest link in any defense, people, rather than a flaw in software. As Kevin Mitnick put it in his book, The Art of Deception, “A company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted.”

The good news is that there are proven strategies for preventing damage from social engineering attacks. Through a two-pronged approach that involves training and technology, you can keep your systems, data, employees—and IT investments—safe.

First: Start with Training and Awareness

Phishing, a form of social engineering, was the most commonly reported type of cyber-crime in complaints to the U.S. Internet Crime Complaint Center (IC3) in 2020. Phishing attempts arrive by email, by phone, or in person, and can fool even security-savvy professionals. However, ongoing training and awareness campaigns built on phishing-prevention best practices improve employee vigilance and raise the rate at which social engineering attempts are noticed and reported. Your compulsory training should:

  • Show how phishing attempts work: Phishing relies on social engineering tactics, such as impersonating a trusted sender or manufacturing urgency, to gain trust or prompt a hasty action. The goal is to trick the victim into clicking a link or divulging personal or organizational information.
  • Provide a clear course of action at the time of detection: Employees need to know how to handle a suspected phishing attempt (do not click, reply, or act on the request) and whom to contact if they are unsure whether an email, phone call, or other request is legitimate.
  • Offer procedures for reporting a successful phishing attack: Eventually, someone in even the best-trained workforce will fall for one. Employees should know that prompt reporting is expected and not punished, and the organization must be prepared to respond (for example, by resetting exposed credentials) so that both the individual and the organization can limit the damage.

When creating training, you can refer to CISA’s Security Tip page, Avoiding Social Engineering and Phishing Attacks.

In addition to regular training, reminders about phishing in company newsletters, blogs, social media, and intranet sites continually raise awareness and remind workers of the importance of staying vigilant. You can also run phishing simulations by sending decoy emails and recording how your workforce responds: who clicks, who submits credentials, and, just as important, who reports the message and how quickly. The results of these simulations can help shape and improve your training offerings and awareness campaigns.
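As an added example of turning simulation results into training decisions (this is not Fidelis code or a tool described on this page), the scorecard below reads a constructed event export from a phishing simulation, computes per-department click, credential-submission and report rates, and measures the time from delivery to the first user report, which bounds how quickly the SOC could have learned about a real campaign. The export format, department names and thresholds are assumptions made for the example.

```python
"""Scorecard for a phishing simulation campaign (added example).

Input is a constructed event log of the kind a simulation tool exports:
one line per recipient action, in the form
    <ISO timestamp> <user> <department> <event>
where event is one of delivered, clicked, submitted, reported.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample export (not real data).
SIMULATION_EVENTS = """\
2024-03-04T09:00:00 alice finance delivered
2024-03-04T09:00:00 bob finance delivered
2024-03-04T09:00:00 carol engineering delivered
2024-03-04T09:00:00 dave engineering delivered
2024-03-04T09:00:00 erin sales delivered
2024-03-04T09:03:12 bob finance clicked
2024-03-04T09:04:40 bob finance submitted
2024-03-04T09:05:10 carol engineering reported
2024-03-04T09:07:55 erin sales clicked
2024-03-04T09:20:00 alice finance reported
"""


def parse_events(text):
    """Parse the export into (timestamp, user, department, event) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dept, event = line.split()
        events.append((datetime.fromisoformat(ts), user, dept, event))
    return events


def scorecard(events):
    """Per-department rates. A user is counted once per event type, so
    someone who clicked and then reported appears in both rates."""
    by_dept = defaultdict(lambda: defaultdict(set))
    for _, user, dept, event in events:
        by_dept[dept][event].add(user)
    card = {}
    for dept, ev in by_dept.items():
        n = max(len(ev["delivered"]), 1)  # guard against a dept with no deliveries
        card[dept] = {
            "recipients": n,
            "click_rate": len(ev["clicked"]) / n,
            "submit_rate": len(ev["submitted"]) / n,
            "report_rate": len(ev["reported"]) / n,
        }
    return card


def time_to_first_report(events):
    """Seconds from the first delivery to the first user report, or None.
    In a real campaign this is how long the SOC would have been blind."""
    delivered = min(ts for ts, *_, ev in events if ev == "delivered")
    reports = [ts for ts, *_, ev in events if ev == "reported"]
    if not reports:
        return None
    return (min(reports) - delivered).total_seconds()


def needs_retraining(card, max_click=0.2, min_report=0.5):
    """Departments whose click rate is too high or report rate too low.
    Thresholds are assumptions; tune them to your own baseline."""
    return sorted(
        dept for dept, m in card.items()
        if m["click_rate"] > max_click or m["report_rate"] < min_report
    )


if __name__ == "__main__":
    ev = parse_events(SIMULATION_EVENTS)
    card = scorecard(ev)
    for dept, m in sorted(card.items()):
        print(f"{dept:12s} click={m['click_rate']:.0%} "
              f"submit={m['submit_rate']:.0%} report={m['report_rate']:.0%}")
    print("time to first report (s):", time_to_first_report(ev))
    print("retrain:", needs_retraining(card))
```

Tracking the report rate alongside the click rate matters: a department that clicks but also reports quickly gives the SOC a chance to respond, whereas a department that neither clicks nor reports has not demonstrated detection at all.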

By keeping the topic of phishing top of mind, your workforce becomes a force multiplier for security, preventing attackers from gaining a foothold into your systems.

Next: Reinforce Security with a Proactive Cyber Defense

Eventually, someone is going to click a malicious link, respond to a socially engineered email, or give credentials or system information to a caller. Each successful social engineering attack gives the adversary an attack path into your systems. When that happens, it is critically important to have tools that go beyond detection: you need real-time, proactive cyber defense tactics built into your security stack to stop the attack before the attacker can do damage to your organization.

Proactive cyber defense means shifting SOC teams’ mindset and operations to engage earlier, rather than reacting after the fact or going on the offensive, and shaping your cyber environment (your networked assets, application stacks, and workloads) to your strategic advantage. It is an iterative, continuous process of investigation and discovery that uses threat intelligence, analytics, machine learning, threat hunting, and deception technologies to gain insight into known and unknown threats affecting your environment.

As defenders, you know your environment best and can use that knowledge to protect your organization. A proactive cyber defense approach lets you not only prevent or counter attacks, including successful phishing attempts, but also learn about the adversary and better prepare for future attacks.
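The following is an added example of the deception idea in the two paragraphs above, written for this article and not taken from Fidelis or any product it describes. Decoy accounts (honeytokens) are seeded where someone who has phished a real user would find them, such as a stale “passwords.txt” in a home directory; no legitimate process ever uses them, so any authentication attempt against one, successful or not, is a high-fidelity alert. The code then pivots on the attacker’s source address to find the real accounts used from it, which are the credentials most likely obtained by phishing and the first to reset. The log format, account names and addresses are constructed for the example.

```python
"""Decoy-credential detection over authentication logs (added example).

Log lines are a constructed format:
    <ISO timestamp> src=<ip> user=<account> result=<success|failure>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical decoy accounts. They exist only to be found by an intruder.
DECOY_ACCOUNTS = {"svc_backup_legacy", "it-admin-temp"}

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
AUTH_LOG = """\
2024-03-04T10:01:12 src=198.51.100.23 user=alice result=success
2024-03-04T10:12:03 src=203.0.113.7 user=bob result=success
2024-03-04T10:14:45 src=203.0.113.7 user=svc_backup_legacy result=failure
2024-03-04T10:15:02 src=203.0.113.7 user=svc_backup_legacy result=success
2024-03-04T10:40:00 src=198.51.100.23 user=carol result=success
2024-03-04T11:05:30 src=203.0.113.7 user=dave result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "user": m["user"],
            "result": m["result"],
        })
    return events


def decoy_alerts(events, decoys=DECOY_ACCOUNTS):
    """Every touch of a decoy account is an alert. Failures count too:
    an attacker guessing at a decoy has already revealed themselves."""
    return [e for e in events if e["user"] in decoys]


def pivot_on_source(events, alerts, decoys=DECOY_ACCOUNTS,
                    window=timedelta(hours=2)):
    """For each source that touched a decoy, collect the real accounts that
    authenticated successfully from it within the window. These are the
    credentials most likely obtained by phishing and should be reset first."""
    suspects = defaultdict(set)
    for a in alerts:
        for e in events:
            if (e["src"] == a["src"]
                    and e["user"] not in decoys
                    and e["result"] == "success"
                    and abs(e["ts"] - a["ts"]) <= window):
                suspects[a["src"]].add(e["user"])
    return {src: sorted(users) for src, users in suspects.items()}


def triage(text):
    """End-to-end: parse, alert on decoys, and pivot to affected accounts."""
    events = parse_log(text)
    alerts = decoy_alerts(events)
    return {
        "alert_count": len(alerts),
        "attacker_sources": sorted({a["src"] for a in alerts}),
        "accounts_to_reset": pivot_on_source(events, alerts),
    }


if __name__ == "__main__":
    for key, value in triage(AUTH_LOG).items():
        print(f"{key}: {value}")
```

Two practical caveats: decoy accounts must be excluded from every legitimate job and inventory script, or the alert loses its fidelity, and the pivot is a lead rather than proof, since a shared egress address can mix an attacker’s sessions with innocent ones.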


Protect Your Entire Hybrid IT Environment with Fidelis Platforms

Fidelis Security®, the industry innovator in proactive cyber defense platforms, safeguards your enterprise before and after the attack. We continuously innovate to deliver unparalleled threat detection, deception, response, cloud security, and compliance capabilities. 

Fidelis Elevate®, an Active XDR platform, natively integrates deception technologies with detection and response for endpoint (EDR), network (NDR), and cloud. Fidelis Elevate lets you easily reshape the attack surface, lure adversaries away from critical assets, and neutralize threats before they damage your business. 

Fidelis CloudPassage Halo® provides defense-in-depth for cloud resources, with real-time visibility, threat detection, configuration monitoring, accelerated remediation, and powerful automation and integration capabilities to build proactive and predictive cyber defenses across your organization.

About Author

Maria Glendinning

Maria has worked at Fidelis Security for over 6 years, where she has evolved from an ISR to a strategic role as the Business Development and Channel Marketing Manager for the EMEA region. Her journey reflects a passion for cutting-edge technologies, particularly in cybersecurity, driving her relentless pursuit of new skills and knowledge to excel in her role. With a multicultural background and fluency in three languages, Maria has a profound appreciation for diverse cultures and traditions, enriching her professional interactions with a global perspective. In her free time, Maria enjoys hiking, travelling, theatre and cinema, and socializing with friends and family.
