How to Incorporate Social Engineering Attacks in Your Cybersecurity Plan

The digitization of the film and media industry has brought forth great benefits for media companies, improving their operational efficiency and profit margins. As with any transformation, however, the media industry has also faced challenges related to these technological changes.

For example, the democratization of content creation and distribution, together with the accelerated use of cloud technology, has expanded the media industry's cyber threat landscape. In recent years, media companies have become victims of cyber attacks as threat actors use social engineering to breach them.

Take the recent attack on Rupert Murdoch's News Corp, for example. In this attack, threat actors allegedly hacked the email accounts of journalists to steal data about the confidential sources of their information. Other notable attacks on media companies include the 2014 Sony Pictures attack and the 2017 Netflix and HBO breaches.

Given the ever-changing cybersecurity threat landscape, businesses across all industries, and media companies in particular, should constantly look to strengthen their cybersecurity posture. An important first step on this path is to incorporate account takeover protection strategies, as well as proactive measures to keep everyone in your organization safe from social engineering and related cyberattacks. 

From phishing to pretexting, this post will go in depth into these different types of attacks and help guide your organization on how to build and maintain a robust cybersecurity plan.

What Are the Most Common Types of Social Engineering Attacks?

Social engineering attacks typically entail some form of psychological manipulation: tricking an unsuspecting user or employee into divulging confidential or sensitive data. Simply put, social engineering attacks use the human loophole to circumvent cybersecurity defenses.

Cases of social engineering attacks have been high in recent years. A 2021 FBI report found that a record number of Americans sent complaints about social engineering attacks, with reported losses exceeding $6.9 billion. 

Some of the common social engineering attacks threat actors use include:

Phishing

Phishing attacks are the most common type of social engineering attacks and have increased more than tenfold over the past three years, according to the FBI. These attacks occur when a threat actor uses any form of communication (often email but increasingly SMS text) to "fish" for information such as names, addresses, and social security numbers. The messages scammers send look identical to the ones from trusted individuals or organizations such as your bank. 

The threat actors can use the stolen credentials to commit crimes such as financial fraud, identity theft, corporate espionage, and account takeover. 

Pretexting 

Pretexting occurs when a scammer creates a pretext, or fabricated scenario, which they use to steal someone else's personal information. Typically, cybercriminals impersonate a trusted individual or organization and request specific details from a user to confirm their identity. If the victim complies, the threat actor can commit identity theft or use the information to execute other malicious activities.

Baiting 

Baiting is a form of social engineering attack where the attacker lures victims into divulging sensitive information by promising to give them something valuable in return. For instance, an attacker could create pop-up ads that offer free music, games, or movie downloads. When a victim clicks on the link, their device is infected with malware. Baiting attacks can also exploit human curiosity through the use of physical media.

Quid Pro Quo 

Quid pro quo means "a favor for a favor." Like baiting, this social engineering attack promises something in exchange for information. The most common form of quid pro quo attack occurs when a threat actor pretends to be from an IT department. They will call or message you with an offer to extend your trial, speed up your internet, or even give you gift cards in return for trying out software. When a victim creates a free account or verifies/gives out their login credentials, the scammer will access this sensitive information and use it against the victim or even sell it on the dark web. 

Tailgating 

Tailgating occurs when an authorized person allows an unauthorized person into a restricted area. It could also entail unauthorized users gaining access to your company devices. Threat actors who use tailgating may put your organization at risk by stealing sensitive information about your organization or spreading malicious code throughout your organization. 

Whaling

Whaling is a form of social engineering attack in which a threat actor poses as a senior executive, such as the CEO or CFO, to target other high-level executives or those with access to sensitive information within an organization. To deceive employees into disclosing privileged information or committing fraud on the attacker's behalf, the attacker sends a persuasive email that appears to come from a reliable source. To maximize the chance of a speedy response, the fake email might spoof the sender's email address, include the executive's name and title, and use urgent or confidential language.
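The three whaling traits described above (a spoofed sender address, the executive's name and title, and urgent or confidential language) can be screened for in inbound mail. The following is an added example, not code from the original article; the executive roster, domains, keyword list, and both sample messages are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Constructed assumptions (not from the article): roster, domains, keywords.
EXECUTIVES = {"dana reyes": "dana.reyes@example-media.test"}
URGENCY_TERMS = ("urgent", "confidential", "immediately")

# Constructed sample messages for illustration.
SPOOFED = (
    'From: "Dana Reyes, CEO" <dana.reyes@examp1e-media.test>\n'
    "Reply-To: dana.reyes.ceo@mail-relay.test\n"
    "Subject: Urgent and confidential\n"
    "\n"
    "Please handle the attached request immediately.\n"
)
LEGIT = (
    'From: "Dana Reyes" <dana.reyes@example-media.test>\n'
    "Subject: Q3 planning notes\n"
    "\n"
    "Agenda attached for Thursday.\n"
)


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def whaling_signals(raw_message):
    """Return the whaling indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    display = " ".join(display.lower().split())
    signals = []

    # Executive's name (with or without title) on an address that is not theirs.
    for name, real_addr in EXECUTIVES.items():
        if name in display and from_addr.lower() != real_addr:
            signals.append("exec-name-mismatch")

    # Replies are routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        signals.append("reply-to-divergence")

    # Urgent or confidential wording in the subject or plain-text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in URGENCY_TERMS):
        signals.append("urgency-language")
    return signals
```

Any single signal is weak on its own; a message that raises all three is a reasonable candidate for quarantine or a warning banner before it reaches the recipient.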

How Can a Cybersecurity Plan Prevent Social Engineering Attacks? 

Social engineering is rooted in deception, and human beings are susceptible to being deceived, some more than others. Certain cultural and experiential factors can contribute to an individual becoming a victim of a successful social engineering attack. For example, individuals who are more trusting and giving are more likely to become victims of social engineering attacks compared to those who are more suspicious and selfish. This is especially true given that social engineers usually build relationships with potential victims. They observe their potential victim's tendencies and behavior, and based on those observations, they find a vulnerability from which to launch their attack.

Attackers can also exploit lapses in judgment caused by the high demands of an employee’s workload and busy schedule. This phenomenon is called inattentional blindness. Inattentional blindness occurs when a cyber attack targets someone whose attention is diverted by something else, preventing them from noticing that they are falling victim to a social engineering attack. Individuals who are multitasking or under high levels of stress can become more vulnerable to social engineering attacks, especially when the attacker poses as a trusted source, such as a colleague or a vendor, and uses urgency or authority to pressure the target into taking a specific action, such as downloading a malicious attachment or providing sensitive information.

Some ways organizations can reduce their risk of experiencing social engineering attacks include: 

Building a Positive Security Culture 

Social engineering attacks exploit trust. As such, if you or one of your employees falls victim to these attacks, it's because the threat actors are good at what they do and not because you or your employees are naive.

Create a corporate culture that reflects that. We can all be victims of social engineering attacks, especially given the increasing sophistication of attack techniques used by threat actors. To prevent these attacks, it's crucial that your employees understand their security responsibilities and report potential attacks rather than think that saying something will get them in trouble. 

Learning the Psychological Triggers  

Recognizing a social engineering attack isn't always easy, especially since these attacks take several different guises. Moreover, the attackers can exploit psychological triggers to get through people's defenses. For instance, they could create a situation of false urgency and high emotions, exploit a victim's drive for reciprocation by creating a sense of gratitude, or rely on an individual's conditioned response to authority. Learning these psychological triggers can help prevent you from becoming a victim of social engineering attacks. 

Training Your Staff

You should also train your staff on ways of identifying social engineering attacks and what actions to take to thwart those attacks. Test the effectiveness of your training to determine what changes you can make. Simulated social engineering attacks will give you a pretty good idea of your employees' susceptibility to these attacks.

Implementing Appropriate Technical Measures 

While staff training is important, it isn't sufficient by itself. You also need to implement broader cybersecurity measures so that in the event that attackers trick your staff, it's challenging for them to get much further. Some things you should consider include using firewalls, applying patches and keeping systems updated, using rigid data classification models, and keeping records of who can access what information.

How Do I Create a Cybersecurity Plan? 

A cybersecurity plan is the centerpiece of the policies, procedures, strategies, and technologies an organization will rely on to safeguard against attacks and mitigate risks in an IT environment. It typically encompasses:

  • Defining clear security goals and objectives 
  • Developing universal policies and procedures
  • Training the entire organization
  • Incident response planning and management

More detail on each step can be found below:

Defining Goals and Objectives  

The first step to creating a cybersecurity plan is to determine what your goals and objectives are. What assets are you protecting? And how will those assets being compromised affect your organization? Actively consider your business's current situation, its asset/risk management and threat management processes, and what you can do to ensure the security of your assets. 

Developing Policies and Procedures

After defining your security goals and objectives, you need to develop policies and procedures for ensuring those goals are met. What security measures will you implement to protect your organization? What measures should employees take when they encounter a potential threat? What data security measures will you put in place? The policies and procedures you develop should answer these and other security questions to ensure your organization's security from various threats. 

Training 

Your cybersecurity plan will only be effective if your people understand and know how to implement your security policies and procedures. Train your people on identifying various social engineering attacks and what measures they should take when they encounter potential attacks. You should also train them on how to use various security solutions in your organization. 

Incident Response Planning and Management 

While you may take every measure to secure your organization's assets, threat actors could still breach your defenses. When they do, it's important that you have an incident response plan for limiting the damage of the attack and getting your organization up and running as soon as possible.

Why an External Cybersecurity Provider Should Consult on Your Cybersecurity Plan

While some organizations opt to create a cybersecurity plan on their own, it's advisable to consult an external cybersecurity provider. External cybersecurity providers deeply understand the prevailing cyberthreat landscape and can ensure that you incorporate all the necessary measures for securing your organization. Additionally, they can provide you with various security solutions, including:

  • Cyber Threat Intelligence: Cyber threat intelligence will allow you to identify the threats your organization faces on the surface web as well as the deep web. This way, you can include measures for protecting against such threats in your cybersecurity plan. 
  • Dark web monitoring: The cybersecurity plans for most organizations include only the measures that the in-house security personnel identified. Often, these professionals overlook threats organizations face on the dark web. An external cybersecurity provider such as ZeroFox offers dark web monitoring services for discovering threats an organization faces in private forums, the social web, the deep web, and the dark web forums. Deep and Dark Web Monitoring also helps organizations monitor any potential exposures of employees or executives that attackers could exploit, leading to organizational risk.
  • Breach Response: An external cybersecurity provider can help you develop a sound breach response strategy for dealing with cyber threats if and when they occur. 
  • Anti-Phishing Software: External cybersecurity providers offer tools, such as anti-phishing software, for dealing with various types of social engineering attacks. By including this software as part of your cybersecurity strategy, you will be better positioned to prevent them.
  • Adversary Disruption: When attackers create fraudulent websites or social media accounts with the intent of stealing sensitive information from clients or employees, it is imperative to have a domain takedown service provider that can help you quickly and comprehensively dismantle the adversary’s attack campaign.

ZeroFox Can Help You Design a Complete Cybersecurity Plan

ZeroFox offers a wide range of cybersecurity services encompassing protection against and response to cyber incidents, including threat intelligence, dark web monitoring, incident response, and physical security. With our security services, you can determine your current cybersecurity posture, identify vulnerabilities that attackers might exploit, and use these insights to create a cybersecurity plan that safeguards your organization’s sensitive data, reputation, and business growth strategies. Book a demo today to gain deeper insight into how ZeroFox can help with your cybersecurity plan.
