Social engineering attacks are a real threat to most organizations
Social engineering, as a method of cyber-security attacks, is very popular and quite widespread, according to a new report by cybersecurity firm Agari. It had polled 200 professionals from healthcare, government, financial services and education sectors.
Six in ten (60 percent) of security leaders say their organization either was, or "may have been" a victim of at least one targeted social engineering attack, on the last year alone. Two thirds of those attacks (65 percent) led to employees’ credentials getting compromised.
Financial accounts were breached in 17 percent of attacks. Almost nine in ten (89 percent) of respondents say they noticed either a "steady pace" or an increase in both spear phishing and targeted attacks. Almost half (49 percent) consider their cyber-security solutions below average or ineffective.
A fifth didn’t know if their brands were used in social engineering attacks on their customers or partners. More than fifth have admitted to having "no confidence" in their business partners’ being able to defend against such attacks.
"Most enterprises think that if they train their employees to be aware of malicious emails, it will be enough. However, this is delusional as it’s impossible for anyone to consistently distinguish malicious, social engineering-based emails from legitimate emails", says Dr. Markus Jakobsson, chief scientist for Agari.
"Email-based attacks using social engineering are enabling cybercriminals to steal corporate secrets, carry out politically motivated attacks and steal massive amounts of money. We expect to see a catastrophic growth of these types of attacks in the future, fueled by both their profitability and the poor extent to which businesses are protecting themselves, unless these organizations begin taking the necessary technology-based countermeasures to prevent these attacks", adds Jakobsson.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.