What is the weakest “link” in your security chain?
Is it your perimeter? Is it your endpoint control or management? What about your ability to detect lateral movement? Most likely it is your people! No matter how great your technology and no matter the layers upon layers of security you implement, your people are always going to pose significant security risks. The “bad actors” know this and they focus their campaigns on your staff. These campaigns are becoming more and more sophisticated every day. Plus in many cases, we make it easy for them to learn key pieces of information. For example, you can go to LinkedIn, Facebook, Twitter, Google, and numerous other sites and glean information about your employees’ jobs, colleagues, email addresses/formats and habits. Once the “bad actors” have this information they can begin to build phishing, vishing and other campaigns to target your people and your organization.
Yes, sure we see the blatantly obvious phishing attempts all the time and these are easy to handle (albeit an annoyance and loss of productivity). However, there are more complex and comprehensive attacks which are very hard to detect and could end up costing you money or worse yet, the loss of a client or confidential data.
So, what can you do? You can be proactive and train your staff and make it part of their everyday awareness. Continue to leverage tools to help identify suspicious emails and use technology where it is available. Also, do an assessment and test your controls, test your people and take it seriously. If you find weaknesses then put together an action plan. Adapt your training when you discover gaps. Ensure new staff is trained as they come on board. Also, you must garner support from the top down. Having senior executive management support is a must!
MFX provides a wide array of Social Engineering assessments and training. We have helped clients with their preparedness and their ongoing programs in this space. Please contact Steve Shively (email@example.com) for more information.