
Preventing Social Engineering Attacks: Strategies in Asia

LOGON TO CYBERSECURITY PODCAST

In this episode of the LogOn to Cybersecurity Podcast, FastPass founder Finn Jensen shared his insights and experience in dealing with social engineering attacks, along with the most effective strategies for preventing them and protecting sensitive information.


Some of the highlights of the podcast:

Email phishing as the most common social engineering attack

Email phishing is the most “popular” attack type for social engineers. It is easy to understand why: sending emails is cheap, experience shows that some users will react, and the risk of being caught is low. Email phishing is like a shotgun: you fire into a crowd and hope that someone falls.

But sometimes the hacker needs access to specific accounts, for example one belonging to the Finance department or to a privileged IT administrator. Then the hacker needs to be a sniper aimed at one specific person. This is when social engineering moves to the phone and the voice, and it is called VISHING.

Risks of spear-phishing against the IT department

This is where the hacker operates with a rifle, targeting a specific person and user ID. If the target is an IT administrator, the hacker gains access to the IT infrastructure: they can extract data, plant ransomware, and steal your inventions and your customer data.

If the hacker targets the Finance department, they can approve payments and transfer large amounts to their own bank accounts. According to an IBM study, the cost of a data breach in the USA is around 9.4M USD.

Lessons from the 2020 Twitter hack

The root cause of the Twitter hack was that the hacker played on the IT support staff's emotions to get a new password issued. Prevention must therefore take emotions out of user verification. You cannot expect humans not to have emotions, so secure user verification must be done by an intelligent workflow that uses information and tokens available to no one but the user herself. The supporter must follow the workflow, and only then is a new password issued.

How organizations can prevent social engineering attacks

Preventing email phishing depends first and foremost on user awareness training and monitoring. This means educating your staff in the characteristics of a phishing email, such as checking the true sender and understanding that you must never give away passwords or account information to anyone you do not know.

The same goes for vishing attacks. The primary problem, however, is that the supporters at the service desk must issue new passwords to their users now and then.

It is important that secure verification workflows are integrated closely with the existing IT Service Management tools, such as ServiceNow and other popular ITSM tools. Once that is in place, it is straightforward to enforce the secure verification process in production. The FastPass Identity Verification solution can be implemented as a cloud offering or as an on-premise solution, entirely depending on the preferred IT strategy.
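The reset workflow described in the Twitter-hack lesson and in the ITSM paragraph above, as an added example (Python, not FastPass's product or code): the service-desk agent can open the ticket and trigger a challenge, but the only function that issues a password refuses until a code sent to the user's enrolled channel has been read back and verified, so there is no override for a caller to plead for. The enrolment record, the ticket shape, the out-of-band `send` callback and the caller-supplied clock `now` are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, List, Optional

OTP_TTL_SECONDS = 300   # a challenge is only live for five minutes
MAX_ATTEMPTS = 3        # after that the ticket must be challenged again
# Constructed enrolment record (placeholder): a channel only the user holds, e.g. a phone.
ENROLLED_CHANNEL = {"alice": "+00 000 000 000"}

@dataclass
class ResetTicket:
    """Help-desk reset ticket; in practice this is the ITSM ticket record."""
    user: str
    agent: str
    otp_hash: Optional[bytes] = None
    issued_at: float = 0.0
    attempts: int = 0
    verified: bool = False
    audit: List[str] = field(default_factory=list)

def send_challenge(ticket: ResetTicket, send: Callable[[str, str], None], now: float) -> None:
    """Generate a one-time code and push it out-of-band; the agent never sees it."""
    code = f"{secrets.randbelow(10**6):06d}"
    ticket.otp_hash = hashlib.sha256(code.encode()).digest()  # only the hash is kept
    ticket.issued_at = now
    ticket.attempts, ticket.verified = 0, False
    send(ENROLLED_CHANNEL[ticket.user], code)
    ticket.audit.append("challenge sent to enrolled channel")

def verify_challenge(ticket: ResetTicket, code: str, now: float) -> bool:
    """Passes only for whoever can read the code back from the enrolled device."""
    if (ticket.otp_hash is None or ticket.attempts >= MAX_ATTEMPTS
            or now - ticket.issued_at > OTP_TTL_SECONDS):
        ticket.audit.append("verification refused: no live challenge")
        return False
    ticket.attempts += 1
    ok = hmac.compare_digest(hashlib.sha256(code.encode()).digest(), ticket.otp_hash)
    ticket.verified = ok
    ticket.audit.append(f"attempt {ticket.attempts}: {'ok' if ok else 'wrong code'}")
    return ok

def issue_temporary_password(ticket: ResetTicket) -> str:
    """The only path to a new password; there is no agent override to plead for."""
    if not ticket.verified:
        raise PermissionError("verification workflow not completed")
    ticket.audit.append(f"temporary password issued by agent {ticket.agent}")
    return secrets.token_urlsafe(12)
```

In production `now` is `time.time()` and `send` is the SMS or push gateway; the audit list is what gets written back onto the ITSM ticket.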

Finn Jensen | Founder, FastPasscorp
