Question

In: Computer Science

"Social engineering attacks are not only becoming more common against enterprises and SMBs, but they're also increasingly sophisticated. With hackers devising ever-more clever methods for fooling employees and individuals into handing over valuable company data, enterprises must use due diligence in an effort to stay two steps ahead of cybercriminals." Digital Guardian

Read the article "Social Engineering Attacks: Common Techniques & How to Prevent an Attack" on the Digital Guardian web site. Summarize the advice given by the practitioners included in the article to recommend the process or procedure you would use to prevent the social engineering attacks you included in the Discussion of this lesson.

Solutions

Expert Solution

Summary of the advice recommending the process or procedure we should use to prevent the social engineering attacks:
* The very first step in the process or procedure of preventing social engineering attacks is the recognition and identification of such attacks, knowing how they behave, their activities, their patterns, etc.
As an individual or an employee of a company, one should take the below measures:
* The employee, individual, or staff member must not open emails in the spam or junk folder or emails whose recipients are strangers or whom the users do not know.
* The attachments in emails of unknown origin must not be downloaded, opened, installed, or run.
* Users or employees must use reputable antivirus software such as Kaspersky or Symantec.
* Employees must regularly back up their data or office data to an external medium such as an external hard disk or drive, or to the cloud, such as Dropbox or Google Drive.
* When they have backed up their data, they must disconnect their drive. The ransomware that is created these days is known for encrypting the users' backup drive too.
* Users or employees must not pay the ransom. The only reason why the criminals, thieves, or hackers keep using this form of blackmailing attack is that people keep paying them ransoms. To try to regain access to their data, users should consult a professional in their area.
* Individuals should think twice and take their time if someone asks them to give information or send an electronic form of money and the request is a bit out of the ordinary or unusual. The user should slow down and check with them using a secondary method.
* One could use phishing simulators as a measure to help people or employees to recognize malicious attempts.
* Employees should use a powerful email filter.
* LinkedIn and Facebook ought to be used by the employees to connect and communicate only with those the employees know or do business with.
* If the employee is not sure, he/she should pick up the phone and call a trusted resource.

What companies must do to prevent these social engineering attacks:
* Companies should educate their employees and staff to use complex and strong passwords and not log in to third-party websites with their corporate email addresses.
* Companies should provide staff training regularly, as it is more important for employees to learn social engineering attack methods and make sure they always follow security best practices.
* Companies can and should outsource their Information Technology (IT) operations to third-party providers, called managed service providers, with a strong reputation for security. This is an option that can be considered by the company to help prevent social engineering attacks.
* The IT operations, when outsourced to managed service providers, offer a hardware protection layer to business IT systems and proactively monitor for suspicious activity and anomalies, and engage in threat detection.
* When companies provide their employees access to a new software or system, they should also train the users, and not just on how to use it the first time. It should be continual training. Education is the best way to keep these criminals from playing into the fear of technology.
* There should be open lines of communication with the company's IT help desk; if the company has a provider on an hourly fee, it might stop users or employees from picking up the phone.
* Businesses or companies need good password controls and security.
* There are several sophisticated tools that are able to aid companies in minimizing the impact of such attacks.
* Continuous education should be provided to the employees.
* Training provided to end-users will help in the reduction of overall successful attacks.
* The backup of data will serve as insurance in case an attack succeeds.
* The level of access should be segmented.
* The company should use a Mobile Device Management (MDM) system for their employees' computers and mobile devices, with the MDM carrying the same strong level of security everywhere.
* The company should implement Identity and Access Management (IAM).
* Security incident and event management system.
* Malware technology based on non-signature.
* Proxy, blocking white and blacklisting.
* Monitoring of inbound and outbound communications.
* Setting up handling guidelines or policies for the data that is critical.
* The company should carry out random and scheduled tests against all employees using social engineering techniques.
* Results of the company's social engineering tests, positive and negative, should be reported to the executive level.

