Avoid Social Engineering Attacks by Reducing Your Risk Surface
Attacks like diversion thefts, shoulder surfing, and phishing are just a few examples of social engineering attacks, which rely on manipulating certain human behaviors to be successful. But what exactly is social engineering, and how do we reduce our vulnerability to it?
In short? It comes down to basic manipulation
Social engineering is when an attacker manipulates a person into doing something–like sharing login credentials or leaving their computer unlocked and unattended–that suits the attacker’s motive.
Attackers often make use of deceptive or diversionary tactics as part of their effort. So, how do we limit our vulnerability to attacks that play off of our own subconscious reactions?
Reducing your vulnerability
At the end of the day, there is no perfectly secure organization, but there are things you can do to help limit its success and/or impact.
1. User Awareness
The human element in organizations will always be a vulnerable point in nearly every security conversation, but it is especially true when it comes to social engineering. By its very definition, after all, you can’t socially engineer anything without first having people to be social with.
Providing regular training sessions for your employees on cybersecurity topics including phishing and social engineering will empower them to take a proactive approach.
2. Review your policies and procedures
Consider including the following in your policies:
- Safety first! Make always locking computers the standard behavior,
- Standardize emails and signatures: If your company standardizes the way emails and signatures are supposed to look, then a good social engineer would have to have received an email from someone in the company to copy the format and the signature. This helps to separate out the targeted attacks from lower-quality bad actors.
- Make a call: For significant actions such as arranging for a transfer of funds, having a phone conversation with the individual on the other end to confirm details after sending an email is a good way to double check that you’re communicating with the actual person on the other end.
- Easily verify identities: Consider having a company directory available to all employees so they can verify the identity of people within the company, reducing the likelihood of a social engineering attack impersonating someone internally.
- If in doubt, check: Always ask the sender if a link is legitimate if you aren’t sure–BEFORE clicking on the link.
- Reporting: Have a clear course of action–and one without shaming–for employees to report social engineering attempts–and communicate and practice them regularly. It’s the best way to prevent further [damage loss], and the only way to learn what methods the attackers are using. Shaming people for falling victim to phishing and other social engineering attacks only makes it less likely they’ll report it in the future.
3. Technical controls
There are a few options that you can utilize to limit access to known phishing links, but it depends on how much control you have over the end point. With the right setup, you could:
- Control DNS–ensuring you have an SPF DNS record for your domains to help protect against email spoofing is a good idea.
- Have the ability to shut down computers and rapidly isolate them from the network. Rapid isolation is generally better than shutting down, as powering off a system might result in the loss of evidence in memory (such as encryption keys) that might help recover from an incident.
- Routing traffic? Don’t route that IP address.
- Proxy for control at the URL level. Having this level of visibility and control into your web traffic is a big improvement over simply seeing source and destination IP addresses.
Attackers attempt to exploit aspects of basic human behavior when using social engineering–but that doesn’t mean we can’t take steps to defend against those efforts. Hopefully these options help you reduce your vulnerability.
Want to talk more about how to secure your organization? Contact us! We’re here to help.
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.