
Protect your WEAKEST SECURITY LINK
A GUIDE TO DEFENDING AGAINST SOCIAL ENGINEERING ATTACKS

AMATEURS HACK COMPUTERS. PROFESSIONALS HACK HUMANS.
2015 MARKED AN IMPORTANT YEAR in the world of network security. For the first time, social engineering attacks outnumbered attacks on software vulnerabilities and exploits. This is a serious problem.
For companies to stay productive, they need employees to be able to work from anywhere on any device, often collaborating with people around the world. This mobility drives not only the need for secure file sharing and email accounts but also a fundamental shift in our approach to computer security.
Since January 2015, the number of victims identified by the FBI has increased 270%, costing businesses more than $2.3 billion [1]. The message to network security professionals is clear. Hackers are targeting the weakest link in any security
This book is your guide to helping you detect and prevent social engineering attacks, and to better understand how to defend your company from what has grown to become the dominant global cyberthreat.
Protect your weakest security |

what is SOCIAL ENGINEERING?
Social engineering happens when someone uses manipulation, influence or deception to get another person to release information or to perform some sort of action that benefits a hacker.
Hackers will often take advantage of genuine security gaps in your network. But at organizations of any size, layers of sophisticated computer security can be undone in seconds because one
Your employees could be tricked into anything from allowing someone to tailgate them into your data center to giving up their passwords or user IDs over the phone. Social engineers go to great lengths to gain access to data they can exploit, such as:
PERSONAL INFO – passwords, account numbers
COMPANY INFO – phone lists, identity badges
SERVER INFO – servers, networks,
Familiarizing yourself with social engineering techniques is your first line of defense.
So, what does a social engineer sound like?
You might believe that social engineers would be easy to spot. But often enough, they sound like people you run into at work every day.
ON THE PHONE
“This is Kevin from IT. We've been notified of a virus on your department’s machines.”
One of the most common
AT THE RECEPTION DESK
“Hi, I’m the service tech from HP and I think Ellen is expecting me at 1pm.”
This is why it’s so important that
AT THE BUILDING ENTRANCE
“Oh! Wait, could you please hold the door? I left my key/access card in my car.”
People want to be helpful, and they often downplay the risks of engaging with someone they don’t

tactic no. 1: SPEAR PHISHING
Spear phishing is a targeted email attack in which a hacker uses email to masquerade as someone the target knows and trusts. This is often as simple as copying the name of a CEO from a company website and then sending an email using this name to anyone on the company’s corporate domain.
Spear phishing is the single most common (and effective) social engineering tactic. You’ve likely seen subject lines like these before and hopefully hit “delete” right away:
"Notice of pending layoff: Click here to register for severance pay."
"In an effort to cut costs, we’re sending this year’s
But hackers are getting more convincing and creative with email that, when opened, infects your machine. Here are a few tactics to watch for…
USING THE NEWS AGAINST YOU – Whatever’s getting attention in the news can be used as social engineering lures. For example, 2016 has seen a rise in the number of spam messages related to the presidential campaign.
ABUSING FAITH IN SOCIAL NETWORKING SITES – Millions of people use social networking sites like Facebook and LinkedIn daily, so they develop a certain trust in them. Then, when an email says, “Your Facebook account is undergoing routine maintenance, please click to update your information,” you don’t think twice before you click.
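A mail-filter check for the display-name impersonation described above, as an added example that is not part of the original guide: it flags a message whose From display name matches a protected executive while the sending address sits outside the corporate domain. The executive roster, the domain and the sample messages are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this example: names published on the company
# website and the domains the company really sends mail from.
PROTECTED_NAMES = ("dana whitfield", "luis ortega")
CORPORATE_DOMAINS = {"example.com"}


def name_tokens(display_name):
    """Return the set of letter-only words in a display name, case-folded."""
    text = unicodedata.normalize("NFKC", display_name).casefold()
    return set(re.findall(r"[^\W\d_]+", text))


def impersonated_name(display_name):
    """Return the protected name whose words all appear in the display name."""
    tokens = name_tokens(display_name)
    for name in PROTECTED_NAMES:
        # Subset match tolerates reordering and added titles such as "CEO".
        if set(name.split()) <= tokens:
            return name
    return None


def check_message(raw_message):
    """Return a finding string for a suspicious message, else None."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    name = impersonated_name(display)
    if name and domain not in CORPORATE_DOMAINS:
        return f"display name '{name}' used from external domain '{domain}'"
    return None


# Constructed sample messages (headers only, short body).
SPOOFED = ('From: "DANA Whitfield" <dana.whitfield@example.net>\n'
           "To: staff@example.com\nSubject: Notice of pending layoff\n\nClick here")
LEGIT = ('From: "Dana Whitfield" <dana.whitfield@example.com>\n'
         "To: staff@example.com\nSubject: Q3 all-hands\n\nAgenda attached")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, "->", check_message(raw))
```

A finding from this check is a reason to tag or quarantine the message for review; executives who legitimately write from personal accounts would need an allow-list entry.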

tactic no. 2: DUMPSTER DIVING
Dumpster diving is exactly what it sounds like: A hacker digs through the trash that unsuspecting employees have thrown away. Valuable finds might include:
Junk mail (especially credit card offers), which can contain personal identification info that’s just the ticket to identity theft.
Company phone lists and org charts that offer numbers and locations that make it easier to impersonate
Corporate letterhead that can be used to fake
Hackers will also buy refurbished computers and will pull confidential information from hard drives, even after users think they have deleted it.

SOCIAL ENGINEERING ATTACKS HAVE THE POTENTIAL TO CRIPPLE BUSINESSES.

tactic no. 3: 10° OF SEPARATION
Social engineers are clever, methodical, and patient. They often start by building a rapport with more accessible people in an organization—like an administrative assistant or a guard at the
The criminal may begin by gathering personal nuggets about team members, as well as other "social cues" to build trust or even successfully masquerade as an employee. Some of their strategies are incredibly simple, and insidious:
THEY LEARN YOUR INDUSTRY
THEY BORROW YOUR 'HOLD' MUSIC – In this deceptively simple scheme, the criminal calls, gets put on hold, and records the music. Then, when he calls his victims and puts them on hold, the familiar music serves as a psychological cue that the caller is trustworthy and on the inside.
THEY SPOOF YOUR PHONE NUMBER – Criminals make an inside number show up on the victim’s caller ID, which makes the victim more willing to offer confidential information like passwords over the phone.

let's talk about IMPACT
Social engineering is a very real problem with very few real solutions. In addition to the obvious financial toll, a company’s reputation can take a major hit when a hack becomes public. Compromised personal data can erode the faith and goodwill of its customer
1 Attackers are increasingly infecting computers by tricking people into doing it themselves
A
2 On social media, phishing is 10 times more likely than malware
Because creating fake social media accounts for known brands is so easy, phishing is the fastest growing social media threat. Distinguishing the fraudulent from the legitimate is tough too: 40% of accounts claiming to represent Fortune 100 companies on Facebook and 20% on Twitter are unauthorized [3].
3 More than 2 billion mobile apps that steal personal data have been willingly downloaded
Email and social media are not the only social engineering

social engineering attacks HAVE GONE GLOBAL
No country is immune to social engineering attacks, no matter how sophisticated its technology. This graphic shows the distribution of top social engineering campaigns by geographical region.
[Figure: 2015 WORLDWIDE MALWARE ATTACKS]

how do you PROTECT YOUR ORGANIZATION?
Social engineering is an
disastrous reality. So, what can organizations like yours do proactively to protect your vulnerable people and keep valuable data out of the hands of scam artists with intent to do harm?
What follows is a list of tangible changes you can make and security policies you can implement that can help. But remember, for any of this work to be effective, education is absolutely crucial. To mitigate your risk, start with
Clearly articulate an
Password management – Outline rigorous standards for secure passwords and insist on regular expiration and change. Also ensure careful onsite and remote access authorization and accountability.
Information classification – Ensure that confidential information is clearly called out and handled as such.
Document destruction – Confidential info should be shredded rather than tossed into the trash or recycling.
Physical security – Controls such as visitor logs, electronic security devices, escort requirements, and background checks are key to a comprehensive security policy.
Build a security-aware culture
Promote an awareness of threats and risky behavior – Educating employees on the
Empower employees to recognize threats and make smart security decisions on their own – Because social engineering tactics change so frequently, fostering a sensitivity to risk and the tools for addressing it immediately and locally is key.
Embed security awareness deeply in the minds of your team members – You’ve probably heard of the “see something/say something”

THE WORLD IS NOW MADE OF COMPANIES THAT HAVE BEEN HACKED, AND COMPANIES THAT ARE ABOUT TO BE HACKED.

what's
YOUR EMPLOYEES ARE ONE OF THE BEST RESOURCES YOU HAVE TO PROTECT YOUR SYSTEM.
First of all, no matter how strong your technical security is, your organization’s people are often the most vulnerable link in the chain. But, with thorough, thoughtful, and regular education, they can also be your biggest asset in your fight against social engineering. However, this is only possible when every individual in the organization clearly understands the very real risks, the strategies that can offer protection, and the
Finally, because the fight against social engineering is so complex and challenging, no ONE suggestion or strategy outlined here will guarantee security. But, by proactively attacking the problem from all sides, adopting viable prevention strategies, and promoting a

ALL OVER THE GLOBE, SOCIAL ENGINEERING IS A DOMINANT AND GROWING THREAT TO ORGANIZATIONAL SECURITY.
Microsoft invests over $1 billion a year in cybersecurity research, and has developed a
1. 9th Annual Report. Information Security Trends. CompTIA
2. Proofpoint Report, 2016. The Human Factor
3. Research Paper: The State of Social Media Infrastructure. NextGate
4. Proofpoint Report, 2016. The Human Factor
5. (Map) Proofpoint Report, 2016. The Human Factor