Social engineering is the manipulation of people who have privileged access to confidential
information in order to obtain that information, usually to make money from it. Criminals vary
their approach each time and will ask you for sensitive data without you even realising it.
Attackers use social engineering because it usually takes less effort than bypassing or hacking
your system. In other words, it is always easier to trick somebody into giving up his or her
password than to guess or crack that password.
In social engineering the weakest factor is the human. People who have privileges and access to
your system can, intentionally or unintentionally, let criminals into the system to extract
valuable data from it.
There are many known types of social engineering attack and new methods appear every day, so
preventing these attacks is almost impossible. The only thing we can do is minimize the threat
and maximize security within a group or company. Security is all about giving the right person
the right privileges.
Some of the most common social engineering attacks are listed below:
- Email from a friend: If a criminal succeeds in compromising an employee's email account, he can send email to the company and ask for valuable information. In other cases he can send malicious download links to other employees; once they download the file, the company's computers will be exploited.
- Phishing: The most common type of social engineering attack. It usually takes the form of emails that contain embedded malicious URLs. The aim is to obtain the user's credentials.
- Malware: Users are tricked into paying to have malware removed from their computer; if they do not pay, the malware will damage the computer.
Educating and training employees
Nowadays educating employees is crucial for every company. The number of threats is
significantly higher than a couple of years ago. Giving employees information is not enough;
the most effective practice is to train them by simulating possible attack scenarios.
The possible attack scenarios are the following:
- Email attacks that contain malicious links.
- Weak employee passwords.
- Smartphones should be password protected to protect valuable company related data.
Investing in employees and their training will help the company in the long term. Having strict
security policies, up-to-date antivirus software and educated employees will not only keep
companies safe from possible cyber attacks but also help them grow and be more successful.
The Mitnick formula is essential for every big enterprise. Technology will never stop
developing and new threats will never stop appearing. The only thing we can do is follow these
simple rules to keep the company's valuable data safe from fraudsters.
- Technology: networks, firewalls, antiviruses
- Training: employee awareness of different attacks
- Policy: set procedures and requirements inside the company