What is social engineering?
Social engineers exploit human behavior (manners, enthusiasm toward work, laziness, innocence, etc.) to gain access to the targeted company’s information resources. Social engineering attacks are difficult to protect against, because the victim may not even realize that he or she has been deceived. They are very similar to other forms of attack used to extract the company’s valuable data. To protect against social engineering attacks, an organization must evaluate the risk of the various sorts of attack, estimate the possible losses, and spread awareness among its employees. This section deals with countermeasures that an organization can implement to be safer against social engineering attacks.
Attackers use social engineering techniques to trick people into revealing an organization’s information. They use social engineering to commit fraud, industrial espionage, and so on. To protect against social engineering attacks, organizations must develop effective policies and procedures; learn more about Social Engineering in CEH from Infosavvy.
What are countermeasures for social engineering?
Disseminate policies among employees and supply proper education and training. Specialized training benefits employees in higher-risk positions against social engineering threats.
Obtain employees’ signatures on a statement acknowledging that they understand the policies. Define the consequences of policy violation. Official security policies and procedures help employees/users make the proper security decisions, and should include the following safeguards.
The main objectives of social engineering defense strategies are to create user awareness, robust internal network controls, and secure policies, plans, and processes.
Password policies help increase password security; they typically state the following:
- Change passwords regularly.
- Avoid passwords that are easy to guess. It is possible to guess passwords from answers to questions like “Where were you born?”, “What is your favorite movie?” or “What is the name of your pet?”
- Block user accounts if a user exceeds a certain number of failed attempts to guess a password.
- Choose lengthy (minimum of 6-8 characters) and complicated (using various alphanumeric/special characters) passwords.
- Do not disclose passwords to anyone.
Password security policies often include advice on proper password management, for example:
- Avoid sharing a computer account.
- Avoid using the same password for different accounts.
- Avoid storing passwords on media or writing them on a notepad or sticky note.
- Avoid communicating passwords over the phone, email, or SMS.
Do not forget to lock or shut down the PC before leaving the desk. Learn more about Social Engineering Countermeasure in CEH from Infosavvy.
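The password rules above (minimum length, alphanumeric/special-character mix, no guessable personal details, account blocking after repeated failed attempts) can be enforced in code. The example below is added here and is not from the article or from Infosavvy; the concrete limits (8 characters, 5 failed attempts) and the sample credential store are assumptions chosen for illustration.

```python
import re
import string

# Assumed policy values: the article says "minimum of 6-8 characters" and
# "a certain number of failed attempts"; these two constants pin them down.
MIN_LENGTH = 8
MAX_FAILED_ATTEMPTS = 5


def check_password_policy(password, known_facts=()):
    """Return a list of policy violations (an empty list means the password passes).

    known_facts are answers to guessable questions (birthplace, pet name,
    favourite movie) that the article warns attackers can use to guess passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    lowered = password.lower()
    for fact in known_facts:
        if fact and fact.lower() in lowered:
            problems.append(f"contains guessable personal detail '{fact}'")
    return problems


class LoginGuard:
    """Counts failed logins per account and blocks the account past the limit."""

    def __init__(self, credentials):
        # Constructed sample store for the demo; a real system would compare
        # against salted password hashes, never plaintext.
        self._credentials = credentials
        self._failures = {}

    def is_blocked(self, user):
        return self._failures.get(user, 0) >= MAX_FAILED_ATTEMPTS

    def attempt(self, user, password):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(user):
            return "blocked"
        if self._credentials.get(user) == password:
            self._failures[user] = 0  # reset the counter on success
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "blocked" if self.is_blocked(user) else "failed"
```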
How can people be safe from social engineering attacks?
1. Physical Security Policies
- Physical security policies address the following areas.
- Issue identification cards (ID cards) and uniforms, along with other access control measures, to the employees of the organization.
- Office security or personnel must escort visitors into visitor rooms or lounges.
- Restrict access to certain areas of the organization in order to prevent unauthorized users from compromising the security of sensitive data.
- Old documents containing valuable information must be disposed of using equipment such as paper shredders and burn bins. This prevents information gathering by attackers using techniques such as dumpster diving.
- Employ security personnel in the organization to guard people and property. Support trained security personnel with alarm systems, surveillance cameras, etc.
2. Defense Strategy
Social Engineering Campaign – an organization should conduct numerous exercises using different techniques on a varied group of individuals in order to observe how its employees would react to a real social engineering attack.
3. Gap Analysis
Using the information obtained from the social engineering campaign, the organization is evaluated against industry-leading practices, emerging threats, and mitigation strategies.
4. Remediation Strategies
Depending on the results of the gap-analysis evaluation, a detailed remediation plan is developed to mitigate the weaknesses or loopholes found in the earlier step. The plan focuses mainly on educating employees and creating awareness based on their roles, and on identifying and mitigating potential threats to the organization. Learn more about how people can be safe from social engineering attacks in CEH from Infosavvy.
How can social engineering be avoided?
– Train Individuals on Security Policies: An effective educational program should cover basic concepts and techniques, all security policies, and methods to raise awareness about social engineering.
– Implement Proper Access Privileges: There should be administrator, user, and guest accounts with proper authorization.
– Presence of Proper Incident Response Time: There should be proper guidelines for reacting in case of a social engineering attempt.
– Availability of Resources Only to Authorized Users: Ensure sensitive information is secured and resources are accessed only by authorized users.
– Scrutinize Information: Categorize information as top secret, proprietary, for internal use only, for public use, etc.
– Background Check and Proper Termination Process: Insiders with a criminal background and terminated employees are easy targets for procuring information.
– Anti-Virus/Anti-Phishing Defenses: Use multiple layers of anti-virus defenses at the end-user and mail-gateway levels to reduce social engineering attacks.
– Implement Two-Factor Authentication: Rather than fixed passwords, use two-factor authentication for high-risk network services such as VPNs and modem pools. In the two-factor authentication (TFA) approach, the user must present two different forms of proof of identity. If an attacker is trying to break into a user account, he or she must defeat both forms of user identity, which is harder to do. Hence, TFA is a defense-in-depth security mechanism and part of the multifactor authentication family. The two pieces of evidence that a user should provide could include a physical token, such as a card, and typically something the person can remember without much effort, such as a security code, PIN, or password.
– Adopt Documented Change Management: A documented change-management process is safer than an ad hoc one.
– Ensure Regular Updates of Software: The organization should make sure that systems and software are regularly patched and updated, as attackers exploit unpatched and out-of-date software in order to gather useful information to launch an attack. Learn more about how social engineering attacks can be avoided in CEH from Infosavvy.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com