Missouri Business

Is Your Business Opening the Door to Cyber Attacks?

By Rob Rudolf, CISSP-ISSMP, MBA

Confidence scams are as old as human history, but in the modern age, they increasingly involve technology. Cyber security professionals refer to these scams as social engineering attacks: using technology to take advantage of the natural human nature to trust. Most of us have seen spam and “phishing” e-mails. Phishing attacks are e-mails designed to get you to click on a link, launch an attachment, call a phone number, or make contact with a con artist. But did you know Social Engineering can involve phone calls, fake websites, e-mails targeted at specific personnel, and even physical activities?

If you research social engineering, you will see terms like:

Rob Rudloff is the Partner-in-Charge of Cyber Security Risk Services at RubinBrown

Petty criminals want to make a quick buck by taking advantage of individuals. The really dangerous criminals want access to your organization’s network, computers, and applications so they can steal records, trade secrets, and intellectual property or conduct major fraud. Most of the major breaches reported in the past three years can be traced to a social engineering attack. Social engineering attacks resulted in some access to the victim’s network, computers, or applications. The attackers used their foothold to access confidential systems, collect data, and exfiltrate the data from the environment. Once the attackers have the confidential data, they sell it to criminals, ransom it back, or use it to publicly embarrass the victim.

Social engineering takes advantage of human trust, so protection against these attacks needs to include a variety of methods. Here are a few ideas to reduce the risk from social engineering:

Social engineering attacks take advantage of technology while exploiting the weak points in our defenses: our people. The threats are present, so address them using the appropriate combination of the recommendations above that fit your environment. There are many ways to reduce the risk for your organization by using the right combination of people, process, and technology.

Visit rubinbrown.com or call 303.698.1883 for information.