Identifying vulnerable systems is not enough. You must keep them up-to-date with a patch management system. Be sure your patch management system updates all operating systems in your environment including Linux, Microsoft, UNIX, Mac, etc. Also, be sure that all your most popular third-party applications are updated. Typically, an OS patch management system, such as Microsoft's SUS (system update service) only patches Microsoft programs, while all your other software is left vulnerable. But sure to cover all your bases.
Social engineering is the practice of obtaining confidential information by manipulating people. In contrast, hacking is typically compromising a computer system in order to control or otherwise access sensitive information. Social engineering is getting people to do something they wouldn’t do normally. In short, social engineering is hacking people rather than computer systems.
Social engineering has been an effective method of committing fraud for centuries. Recently, however, it has been used more and more to assist criminals in perpetrating crimes that can net large sums of money. Without one social engineering method or another, most current attacks would not be successful.
Employees are an organization’s weakest link and social engineering attacks are only limited by the creativity of the perpetrator. Although there is no way to stop social engineering attacks entirely, we can do much more than we are today to reduce our exposure to them. Strictly enforced policies and procedures combined with training, testing and technology can reduce your risk from these types of attacks.
Here, Perimeter's Chief Technology Officer Kevin Prince offers five actions that can be taken to reduce your exposure.
Be sure to check out other slideshows from Perimeter: