Monday, 18 May 2020 23:09

Social Engineering: A cause of concern for Australian Businesses

By
Mark Padginton, Key Account Manager, JAMF Mark Padginton, Key Account Manager, JAMF

GUEST OPINION By Mark Padginton, Key Account Manager JAMF: Most Australian businesses have deployed tools and services to improve their IT security, yet many remain vulnerable due to one key factor: human beings.

Social engineering has become the conduit of choice for cybercriminals as they work to penetrate networks to cause disruption and financial loss. Unfortunately, it’s a conduit that can be difficult to close.

According to a recent report from the Office of the Australian Information Commissioner*, malicious or criminal attacks (including cyber incidents) accounted for 64% of all data breaches while phishing attacks caused at least 15% of the data breaches reported to its office. Human error is also noted as a critical factor and caused 32% of reported incidents.

Different techniques

Social engineering is used by cybercriminals in a range of different ways. Some use social networking platforms to harvest personal details about individuals and then use that information to craft emails and text messages that appear to be authentic.

For example, a recipient might receive an email that seems to have come from their company’s HR department asking them to confirm personal details. Alternatively, a text message might be received that has apparently been sent by the individual’s bank. It could ask them to enter credit card or bank account details which are then stolen and misused.

Other techniques involve using physical items such as USB storage keys. A staff member could be sent a key that appears to have come from a reputable source and contain important business data. However, once that key is inserted into a corporate PC, the malware contained on it quickly spreads into the organisation’s IT infrastructure.

free
hit counter

Create a human firewall

Clearly, human beings are on the front line when it comes to social engineering attacks, yet this doesn’t mean there’s nothing that can be done to improve security. Increasing numbers of organisations are building what’s termed ‘human firewalls’ designed to reduce incidents and prevent malicious attacks.

Human firewalls are groups of employees who are committed to following best-practice steps when it comes to cybersecurity. The bigger the group gets within an organisation, the stronger the firewall becomes.

*https://www.oaic.gov.au/updates/news-and-media/email-highlighted-as-a-key-risk-for-data-breaches/

Creating an effective human firewall to help overcome the challenges of social engineering requires a few important steps. They are:

  • Explain the reasons: Begin by explaining to all staff why the strategy is being followed and how important it is for overall IT security. Some may already be very vigilant and aware of potential social engineering techniques, but many may not. Hold an organisation-wide session to kick things off.
  • Keep it simple: Corporate cybersecurity strategies can be complex beasts. Rather than trying to inform everyone about everything, start with some simple, practical steps that everyone can immediately follow. These may include not clicking on suspicious attachments or inserting unknown USB drives into PCs. Staff should also be encouraged to report any unusual communications or requests to their internal security team for review.
  • Continue the education: Creating a human firewall is not a one-off activity. Staff should be regularly encouraged to remain vigilant and informed of any new threats that might be identified.
  • Explain the software you’re using to protect devices. With a strong mobile device management (MDM) partner, organisations can protect company and user data without impacting the end user experience. Explain to employees what the software does and doesn’t look for, and what IT is able to access on their device if they find it is infected.
  • Recognise contributions: When staff identify things such as attempted phishing attacks, ensure their efforts are recognised. This will make it more likely that others will take the challenge seriously.
  • Don’t forget contractors: Many organisations have contractors who join teams for extended periods. Ensure they are included in the human firewall push and understand their role in keeping IT resources secure.

By following these steps, Australian organisations can help to reduce incidents of social engineering that lead to cyberattacks. Staff can become a strong protective layer that will prevent cybercriminals from gaining access and causing problems.

Humans will always make mistakes, but well informed and motivated humans can actually become a valuable part of an organisation’s overall security strategy.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Staff Writer

ITWire has a variety of guest journalists and contributors posting on a regular basis. They are used as overflow for big news days and big news weeks.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments