How aware are you when it comes to social engineering?

Cybercrime is huge; indeed, no other criminal activity is quite so lucrative. It is therefore imperative that you prepare and protect both your business and your personal life to mitigate the inconvenience and the cost of an attack.

There are some basic hygiene factors that every business needs to have in place. Firstly, ensure that you have appropriate insurance cover and that you understand what it covers and its terms and conditions. Secondly, cybersecurity training is essential at every level of the business, from the boardroom to the factory floor. Indeed, the ICO guidelines now say that training for new employees must happen within 30 days of starting their employment (and before they access client data) and that it is repeated at least annually.

Any training program you undertake should include appropriate content exploring the many different strategies deployed by social engineers (one of the prevalent forms of attack).

Social engineers trick and manipulate their victims into doing something which is not in their best interests (giving away passwords or banking information, or allowing access). Their techniques provide just enough pieces of the jigsaw that decisions are made using subconscious thinking, as opposed to rational, logical, conscious thinking.

At ramsac we focus on five areas of social engineering.

The first is Phishing. Most people are familiar with the concept: it uses email to trick the target. There are multiple techniques and categories of phishing, including Whaling (or CEO Crime) and MITM (‘man in the middle’) strikes.

Second is Vishing. This is voice solicitation: the attacker makes a phone call pretending to be the bank, law enforcement, HMRC etc., often spoofing the phone number they are calling from to make it look like a number you are expecting (even your own office number!).

Third is Smishing. This is like phishing, but uses SMS or text messages to trick the target. The average UK adult receives 9 smishing attempts each month, pretending to be DPD, The Post Office, Amazon etc. This is tricky because, unlike with phishing, you can’t hover the mouse over a smishing link to see if the URL offers any clues.

Fourth is Qrishing. This method tricks someone by getting them to scan a QR code. The problem increased no end during Covid as more people became used to scanning into a venue, and it is easy to print a dodgy QR code and stick it over a legitimate one. When someone opens the QR code, they get taken to a website designed to cause digital harm.

Finally, we must discuss with our teams the problem of Impersonation. The cybercriminal can save a lot of time trying to break through sophisticated IT security by simply getting inside the target’s office building. This might simply be by sending the target USB keys and getting them to do the work for them; however, dressing as a supplier and walking into a building is unfortunately too easy for many. The concept of hiding in plain sight has never been truer, and wearing a hi-vis jacket and carrying a clipboard opens far too many doors. Some criminals will pretend to be the company that changes your sanitary waste bins. The question is: if someone appropriately dressed walked into your reception with two waste bins under their arms, how many people in your organisation would stop to question, identify or talk to them?

It doesn’t matter who you are or what your business does: you will eventually be the victim of a cybersecurity attack, and thinking that it won’t happen to you is simply naive. Please ensure that you give sufficient time to understanding the risks, practise your defence and engage with experts to ensure that you, your business, family and loved ones stay as safe as possible.

Rob May is Managing Director of ramsac, which has specialised in cybersecurity and strategic technology for the last 30 years. He is also a Speaker, Author, UK Ambassador for CyberSecurity with the IoD and on the Board of The Cyber Resilience Centre in the South East (a collaboration between Business, Academia and Law Enforcement).
