ID: 3662945 • Letter: 1
Question
1. So given all these examples of social engineering attacks, how would an information security group prevent these attacks from being successful if they are targeting their companies' employees? It is a very frustrating area to try and fight, since all the money spent on network security like firewalls, anti-virus, intrusion prevention systems (IPS), etc., feels like it is not working when people can get compromised in these ways. If more training and awareness is one of the possible answers, how would you measure its effectiveness?
2. Tell us how URL-blocking software could be used as part of a defense strategy for helping a company protect its employees from attacks via malicious websites?
Explanation / Answer
Social engineering is a technique that hackers use to trick people into divulging private, secure information. It's still one of the leading causes of security breaches. For example, an employee might receive a phone call from someone who claims to work for your Internet service provider or other technical support. The caller says that he's fixing a problem and needs the user's password to test a possible solution. The employee hands over the information without verifying the caller's identity.
We can see that the methods used to attack the human weaknesses in your information security system, whether that system is your personal method or your company's corporate method of protecting that information, are as numerous and diverse as the technological methods used to attack your hardware and software.
Nobody is safe from this attack, regardless of whether or not they use a computer, and regardless of whether they are responsible for information security in your organization. Remember that any method used to attack an individual can be used to attack an individual at work.
What can be seen from a brief discussion of this topic is a weakness that will always exist. This weakness cannot be patched with software downloads. It cannot be solved with firewalls, encryption, VPNs, or armed guards watching your file servers. Whether online or not, all of your information assets are at risk because of this threat.
As long as your corporate and personal knowledge exists within the realm of human memory, you are at risk.
Now, how can we prevent this from happening?
1. The main method is to send frequent warning mailers and raise awareness of new techniques used in social engineering attacks.
2. Mandatory training every six months on social engineering.
3. A method to check and escalate any attempted attack, so that the same will not happen again to that individual or to his/her colleagues.
4. Proper guidelines for using social media and social networking sites.
5. Classification of information on the basis of its importance, as Critical, Business, Public, etc.
We can check the effectiveness of training and awareness programs by the methods below.
1. Mock attacks on a few employees can reveal the effectiveness clearly.
2. Sending out surveys and questionnaires to the employees.
3. Admins checking whether employees are following the instructions on social media and in other public areas.
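As an added example (not part of the original answer above): the answer says mock attacks "reveal the effectiveness clearly" but does not say what to measure. The script below scores two constructed mock-phishing campaigns against the same recipients, one before and one after a training cycle. Click rate alone is a weak signal (a weaker lure also lowers it), so it also computes the report rate, the share of users who reported the lure without clicking it, and the median time to report, and it only calls the training effective when clicks fall and reports rise together. All names, departments and timestamps are made up for the example.

```python
"""Scoring mock-phishing campaigns to measure awareness-training effectiveness.

Constructed sample data: two simulated campaigns against the same six
recipients, one before a training cycle and one after it. Names and
departments are made up for the example.
"""
import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Outcome:
    user: str
    dept: str
    sent: datetime
    clicked: Optional[datetime] = None    # when the lure link was opened, if ever
    reported: Optional[datetime] = None   # when the mail was reported, if ever
    submitted: bool = False               # credentials entered on the landing page


def _m(base: datetime, minutes: int) -> datetime:
    return base + timedelta(minutes=minutes)


T0 = datetime(2024, 1, 15, 9, 0)   # campaign before training (constructed)
CAMPAIGN_BEFORE = [
    Outcome("alice", "finance", T0, clicked=_m(T0, 5), submitted=True),
    Outcome("bob", "finance", T0, clicked=_m(T0, 20), reported=_m(T0, 25)),
    Outcome("carol", "eng", T0, reported=_m(T0, 3)),
    Outcome("dave", "eng", T0, clicked=_m(T0, 60), submitted=True),
    Outcome("erin", "ops", T0),
    Outcome("frank", "ops", T0, clicked=_m(T0, 2)),
]

T1 = datetime(2024, 7, 15, 9, 0)   # campaign after training (constructed)
CAMPAIGN_AFTER = [
    Outcome("alice", "finance", T1, reported=_m(T1, 10)),
    Outcome("bob", "finance", T1, reported=_m(T1, 4)),
    Outcome("carol", "eng", T1, reported=_m(T1, 2)),
    Outcome("dave", "eng", T1, clicked=_m(T1, 15), reported=_m(T1, 16)),
    Outcome("erin", "ops", T1),
    Outcome("frank", "ops", T1, reported=_m(T1, 30)),
]


def campaign_metrics(outcomes):
    """Per-recipient rates for one campaign.

    'report_before_click' is the behaviour training is meant to produce:
    the user reported the lure without clicking it (or before clicking).
    """
    n = len(outcomes)
    clicked = sum(1 for o in outcomes if o.clicked is not None)
    submitted = sum(1 for o in outcomes if o.submitted)
    reported = sum(1 for o in outcomes if o.reported is not None)
    good = sum(
        1 for o in outcomes
        if o.reported is not None and (o.clicked is None or o.reported < o.clicked)
    )
    delays = [(o.reported - o.sent).total_seconds() / 60
              for o in outcomes if o.reported is not None]
    return {
        "recipients": n,
        "click_rate": clicked / n,
        "submit_rate": submitted / n,
        "report_rate": reported / n,
        "report_before_click_rate": good / n,
        "median_minutes_to_report": statistics.median(delays) if delays else None,
    }


def by_department(outcomes):
    """Same metrics split per department, to see where training should focus."""
    groups = defaultdict(list)
    for o in outcomes:
        groups[o.dept].append(o)
    return {dept: campaign_metrics(group) for dept, group in groups.items()}


RATE_KEYS = ("click_rate", "submit_rate", "report_rate", "report_before_click_rate")


def trend(before, after):
    """Change in each rate between two campaigns (after minus before)."""
    mb, ma = campaign_metrics(before), campaign_metrics(after)
    return {k: ma[k] - mb[k] for k in RATE_KEYS}


def training_effective(before, after, min_delta=0.05):
    """Effective only if clicks fell AND report-before-click rose.

    Fewer clicks with no rise in reports could just mean a weaker lure;
    requiring both movements guards against that false positive.
    """
    d = trend(before, after)
    return d["click_rate"] <= -min_delta and d["report_before_click_rate"] >= min_delta


if __name__ == "__main__":
    for name, c in (("before", CAMPAIGN_BEFORE), ("after", CAMPAIGN_AFTER)):
        print(name, campaign_metrics(c))
    print("per-department (before):", by_department(CAMPAIGN_BEFORE))
    print("trend:", trend(CAMPAIGN_BEFORE, CAMPAIGN_AFTER))
    print("effective:", training_effective(CAMPAIGN_BEFORE, CAMPAIGN_AFTER))
```

In practice the outcomes come from the phishing-simulation tool's export and the mail gateway's report-button events; the per-department split is what turns the numbers into a training plan, and comparing campaigns only makes sense when the lures are of similar difficulty.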