You’ve undoubtedly seen the movies where highly skilled hackers need only a few minutes to crack the most secure computer networks in the world.
The reality is quite different. Successfully hacking a network, even a small business network protected by just anti-virus and a firewall, takes days, weeks and even months.
That’s why hackers often use social engineering against small businesses and organizations: rather than spending all of that time trying to get past the technological defenses, they con unwitting employees into giving up their login credentials or other information that the hacker can use or monetize.
For instance, rather than trying to guess passwords or break through the firewall, they can simply send out phishing emails tricking an employee into entering their login credentials into a fake web page. They know they will get a fairly high percentage of clicks because they have already tested various versions of the same email against smaller lists of email addresses.
They might also place phone calls impersonating a company’s tech support to get a user name and password they can use to log on to the network and conduct their illegal activities.
Whatever social engineering technique they use, it will be easier than trying to break into a network.
Plus, it can give them access not only to the network but also to bank accounts, medical records, tax info, proprietary information, or other personally identifiable information, data or files that they can use themselves to commit various types of fraud or resell to other cyber criminals.
What can you do about it?
Security Awareness Training for your employees, along with phishing simulation testing and ongoing alerts and tips about the latest scams, provides the best defense against social engineering scams.