Security is all about knowing who and what to trust and, more importantly, when and when not to trust. When communicating, make sure you know who is on the other end and that the person's identity is genuine. The same applies to any website or application where you share your information: check that it is legitimate.
Any information security professional will explain how easily humans can be targeted because of our nature to trust. No matter how many locks and passwords you employ, or what infrastructure and fences you build to keep your confidential information out of the reach of intruders, it is human error that gives way to social engineering attacks.
97% of malware targets victims via social engineering attack techniques. [1]
More than 90% of successful attacks have the ‘human’ as the “Kill Switch”. [1]
A Few Tips to Avoid Social Engineering Attacks
1. Slow Down
Never let the urgency to stop an attack cloud your judgement. Attackers intentionally create panic to force you to behave according to their planned strategy. Slow down and stay calm.
2. Beware of Friendly Callers
Attackers attempt to be friendly with you on a call to gain your trust. If a call makes you suspicious, be sceptical and verify the caller's genuine identity.
3. Think Before Posting on Social Media
Are you posting information that should be private? Geo-tagging your pictures, giving details of your travel itinerary, sharing information about your office, etc. give attackers who follow your social media activity direct access to that information. Re-verify what you post at all times. Be alert and safe!
4. Update Your Software Regularly
Keeping your software updated mitigates a lot of attacks. Apply the latest patches before any malware strikes.
5. Dual Verification
When attackers use urgency to pressure you into sharing data, dual verification is of great help. Having important logins redirected to your phone or email will alert you when anybody tries to gain unauthorised access.
6. Education Is Key
Educating your staff is the most powerful tool to combat social engineering attacks. Employees should be taught how to access and share data safely, identify risk, and deal with malicious links, websites, etc.
To conclude, there are many different types of social engineering attacks, and there are many ways to combat them too. It is education and awareness that can help any individual or company learn the skills required to stay safe from such attacks. EC-Council University offers degree programs, the Bachelor of Science in Cybersecurity and the Master of Science in Cybersecurity, which enlighten cybersecurity enthusiasts and professionals on various subjects of information security. These programs provide 360-degree learning to students, giving them the skills required to combat attacks of different types, including social engineering attacks. Individuals looking to educate themselves in a single domain of cybersecurity may opt for a single course that deals specifically with their area of interest.
Sources: