Source |
ProofPoint |
Identifier |
8452767 |
Publication date |
2024-02-20 08:45:00 (viewed: 2024-02-20 16:09:02) |
Title |
Guardians of the Digital Realm: How to Protect Yourself from Social Engineering |
Text |
Social engineering has been around for as long as coveted information has existed. In the digital realm, threat actors use this psychological manipulation tactic to drive people to break normal security procedures. It is a con game that relies on human error rather than digital hacking.
These are some common forms of social engineering in digital communications:
Impersonation. In these attacks, bad actors pose as trusted entities.
Pretexting. Bad actors use fake stories to bait their targets into revealing sensitive information.
Baiting. Attackers use promises of rewards or benefits to lure in their targets.
In social engineering attacks, bad actors exploit psychological principles like trust, the fear of missing out, authority and the desire to be helpful. When you and your users learn to recognize these triggers, you can build a strong defense. In this blog post, we'll cover three more steps you can take to protect yourself and your business.
1. Build a human firewall
If you want your employees to be able to recognize social engineering attacks, you need to educate them. Training should cover various types of social engineering tactics. Some top examples include:
Phishing
Telephone-oriented attack delivery (TOAD)
Pretexting
Baiting
Quid pro quo
Tailgating
It's a good idea to keep your employees informed of the latest attack trends. That is why continuous education has more of an impact than one-off training sessions. Regular updates can help you keep your workforce up to speed.
You may want to support your training efforts with a comprehensive security awareness platform. It can provide content that's designed to increase user participation and help lessons stick, like gamification and microlearning. Quizzes, interactive modules and mock phishing scenarios can all help your users learn how to become better defenders, too.
Actionable tips:
Test your team with simulated phishing emails at least once a month
Conduct security awareness training sessions at least once per quarter
Build a yearlong campaign that also provides employees with other training information, like digital newsletters or packets that they can take home
2. Slow down and ask questions
You might assume your security team has put technology in place to defend against social engineering. However, there is no silver bullet to stop these attacks. That's why you need to approach digital communications with a critical eye, especially when they include requests for sensitive information or prompts to take urgent actions.
You want to complete your work quickly and be responsive to your leadership team, of course. But threat actors count on these types of triggers. Instead, do your best to:
Slow down
This is a crucial move in the fight against social engineering. It enables you to evaluate the situation with a critical eye and recognize potential red flags. When you slow down, you transform automatic, reflexive responses into thoughtful, deliberate actions.
Practice skepticism
When you stop to question whether an interaction is legitimate, you can spot inconsistencies. You can ask questions like: “Is this request from a person or entity I can trust?”, “Can I verify their identity?” and “Is this request truly urgent?” You might consult with colleagues or managers or refer to company policies. Or you might even do a quick internet search to validate claims.
Actionable tips:
Examine emails for unusual language or requests
Double-check that email addresses and domain names are authentic
Verify requests that come through alternative communication channels
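The "double-check that email addresses and domain names are authentic" tip can be partly automated on the defender's side. What follows is an added example and not code from the Proofpoint post: a small Python checker that extracts the sender's domain, folds common look-alike characters (digits for letters, Cyrillic letters, "rn" for "m"), and flags domains that sit within a couple of edits of a trusted domain or that embed a trusted domain as a subdomain of something else. The allowlist, the homoglyph table and the sample addresses are constructed for illustration; a real deployment would draw the allowlist from the organisation's own partner and supplier list.

```python
# Added example (not from the Proofpoint post): flag sender domains that merely
# look like a trusted domain. The allowlist, homoglyph table and sample senders
# below are constructed for illustration.
import unicodedata

# Constructed allowlist of domains this organisation genuinely exchanges mail with.
TRUSTED_DOMAINS = {"example.com", "example-supplier.com"}

# Substitutions commonly used to imitate Latin letters. Applied to both the
# trusted domain and the sender domain, so the comparison stays consistent.
HOMOGLYPHS = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic e
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic r
    "\u0441": "c",  # Cyrillic c
    "vv": "w", "rn": "m",
}


def normalize(domain: str) -> str:
    """Lower-case, strip accents, then fold homoglyphs to their ASCII look-alike."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(ch for ch in d if not unicodedata.combining(ch))
    for bad, good in HOMOGLYPHS.items():
        d = d.replace(bad, good)
    return d


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the domain part of an address, or '' if it is malformed."""
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".")


def classify(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """
    'trusted'   - domain (or its parent) is on the allowlist
    'lookalike' - not on the allowlist but, after homoglyph folding, within
                  max_distance edits of a trusted domain, or wrapping a trusted
                  domain inside an unrelated one (example.com.attacker.net)
    'unknown'   - anything else; not necessarily malicious, just not trusted
    """
    domain = sender_domain(address)
    if not domain:
        return "unknown"
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    nd = normalize(domain)
    for t in trusted:
        nt = normalize(t)
        if nd == nt:                          # differs only by homoglyphs
            return "lookalike"
        if levenshtein(nd, nt) <= max_distance:  # typo-squat: extra/missing char
            return "lookalike"
        if (nt + ".") in nd:                  # trusted name buried as a subdomain
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, as they might appear in a mail log.
    samples = ["alice@example.com", "bob@mail.example.com", "ceo@examp1e.com",
               "ceo@exarnple.com", "ceo@ex\u0430mple.com",
               "ceo@example.com.attacker-controlled.net",
               "partner@payroll-services.net"]
    for s in samples:
        print(f"{s:45} -> {classify(s)}")
```

Run against a mail log, the "lookalike" verdict is the one worth routing to a human: it marks the cases where a glance at the From header would pass but a careful comparison does not. Subdomains of a trusted domain are accepted here; tighten that to an exact match if your partners do not send from subdomains.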
3. Use a multilayered defense
If you want to have an edge in combatting social engineering, you need to adopt a multilayered security approach. In other words, you need to combine the human element of user vigilance with advanced tools.
A core part of this strategy is to deploy an advanced email security solution that can stop an initial attack. Ideally, it should use a combination of behaviora |
Sent |
Yes |
Tags |
Tool
Threat
Prediction
|
Notes |
★★★
|