Cyber attacks come in many forms. You have ransomware, viruses, worms, and many more you should be aware of. Some attacks are more common than others, like those “Nigerian prince” scams that you might have in your spam folder, but all can be used to specifically target vulnerable businesses.
Arguably the most important type of attack you need to be wary of is a “social engineering” attack. The term describes psychological manipulation that tricks people into offering sensitive information or making security mistakes.
Social engineering is particularly dangerous because there is no software that can stop it. It preys on human error, and anyone can make mistakes. Here are the four social engineering security attacks all businesses should know.
Phishing
Have you ever received a poorly written email about an Amazon order when you hadn’t bought anything? This is an example of phishing. This attack steals sensitive information like card details and logins.
Phishing scams can also download malware onto your device. They are the most likely attack to hit a business, with the proportion of businesses falling victim growing from 6% in 2015 to 9% in 2019.
Whaling attacks
Whaling attacks are like phishing, only these emails target specific people. Targets are usually board members or employees with higher clearance and access to important, sensitive information, such as CEOs, CFOs, and other executives. These attacks are hard to spot. Attackers will use personal information to be as convincing as possible. A common whaling attack is an email from a ‘supplier’ of your company requesting payment.
Pretexting
Pretexting is often seen as the offline or human equivalent of phishing. This is where an attacker will coax information out of a victim with carefully constructed lies. They may imitate police, co-workers, bank workers, or tax officials – people who have authority and who most people would trust with sensitive information.
They can gather extremely sensitive information through this attack, from personal addresses and phone numbers to staff holidays, bank records, and security information. Pretexting can be hard to recognise as the attacker gradually knocks down your defences and gains your trust.
Baiting
Baiting attacks use false promises that offer something enticing to the victim in exchange for sensitive information. These attacks are used to steal the victim’s personal information or download malware onto their system.
A popular baiting technique is to leave an authentic-looking USB drive infected with malware in a place where the attacker knows the victim will see it. The hope is that the victim will plug in the USB drive so it can infect the system.
Almost half of UK businesses fell victim to a cyber breach or attack in the past 12 months. For what’s at stake – damaged reputation, loss of profits, disruption – sidestepping proper protection and security measures is just not worth it. By investing in the right security measures and taking the time to educate your staff on the malicious attacks out there, you can regain some control and secure a stronger, more stable future for your business.
Nisyst Cyber Security’s team of engineers pride themselves on offering expert advice and tailored solutions for all your security and compliance needs. Give your business the best protection by calling us today on 01204 706000.