What does Social Engineering mean?
Nowadays, Social Engineering is one of the most widespread attack models alongside traditional hacking attacks.
In Social Engineering, employees are approached via telephone, e-mail, SMS or even in person in the building or in public spaces, and through these interactions attempts are made to gain access to internal company information and data (both technically and physically).
Why is Social Engineering dangerous?
Technical systems can be well protected against attacks, both technically and physically. However, the human risk factor is difficult to calculate and can easily undermine well-thought-out protection measures. Current statistics show that more than 90% of modern cyberattacks are based on or involve social engineering techniques.
For this reason, it is important to increase employees' awareness of these attack methods.
What are the different types of Social Engineering?
Social Engineering can come in a variety of types. The following are some examples:
Attackers often use this method to penetrate the organization to obtain confidential data or install malicious code. They impersonate cleaners, police officers, or other individuals with the goal of enabling unauthorized intrusions. Therefore, it is important for companies to implement measures against social engineering.
You're probably already familiar with this form of social engineering, which is spread through emails. These emails often claim to come from "your bank", "Google security", "a court summons" or "your dearest friend". If you click on links or file attachments in such an email, you are exposed to a phishing attack. In this way, the attackers try to obtain credentials or install malware. Human deception and tricks are very popular methods in phishing.
This is a subtype of phishing that targets a specific person, usually a CEO or another influential person. Attackers gather a lot of information about that person before launching the attack, so the email sent to the target looks very genuine.
Vishing is a type of Social Engineering that takes place by phone. The perpetrators call and try to get the target to give out banking information, such as the PIN and CVV code.
Usually, the caller pretends to be from a financial service provider or a similar institution.
How can DIESEC support you in this topic?
At DIESEC, we support you in educating your employees about Social Engineering and thus create the necessary awareness in your company.
To create this awareness, we have developed the following program:
In the first step, our specialists will perform social engineering tests under real conditions in your company, such as test phishing emails or even vishing attacks.
In the second step, your employees will be sensitized to the topic of Social Engineering attacks in your company. Taking into account the results from the first step, the campaign will be adapted accordingly.
After successful sensitization and the simulated social engineering attacks, employees should be aware of a possible Social Engineering attack and know how to deal with it.
Are you interested in a social engineering awareness campaign?
If you have any questions, please feel free to contact us. We are looking forward to your message.