Be sure your systems are being monitoring 24x7. In particular, you need ensure that the systems that house sensitive information are protected with a host-based intrusion detection system. This is very different from most IDSs that companies deploy. A HIDS can monitor an individual system for misbehavior and anomalous activity. It has a defined set of polices and rules and when the system attempts to behave outside of those parameters, it can block attacks and escalate alerts. A HIDS is one of the best ways to increase protection of your critical systems.
Social engineering is the practice of obtaining confidential information by manipulating people. In contrast, hacking is typically compromising a computer system in order to control or otherwise access sensitive information. Social engineering is getting people to do something they wouldn’t do normally. In short, social engineering is hacking people rather than computer systems.
Social engineering has been an effective method of committing fraud for centuries. Recently, however, it has been used more and more to assist criminals in perpetrating crimes that can net large sums of money. Without one social engineering method or another, most current attacks would not be successful.
Employees are an organization’s weakest link and social engineering attacks are only limited by the creativity of the perpetrator. Although there is no way to stop social engineering attacks entirely, we can do much more than we are today to reduce our exposure to them. Strictly enforced policies and procedures combined with training, testing and technology can reduce your risk from these types of attacks.
Here, Perimeter's Chief Technology Officer Kevin Prince offers five actions that can be taken to reduce your exposure.
Be sure to check out other slideshows from Perimeter: