48 percent of enterprises are victims of social
engineering, experiencing 25 or more attacks in the past two years, costing
businesses anywhere from $25,000 to over $100,000 per security incident,
according to Check Point Software Technologies.
Phishing and social networking tools are the most common
sources of socially-engineering threats – encouraging businesses to implement a
strong combination of technology and user awareness to minimize the frequency
and cost of attacks.
Socially-engineered attacks traditionally target people
with an implied knowledge or access to sensitive information. Hackers leverage
a variety of techniques and social networking applications to gather personal
and professional information about an individual in order to find the weakest
link in the organization.
According to the global survey of over 850 IT and
security professionals, 86 percent of businesses recognize social engineering
as a growing concern, with the majority of respondents (51 percent) citing
financial gain as the primary motivation of attacks, followed by competitive
advantage and revenge.
While these survey results show nearly half of
enterprises surveyed know they have experienced social engineering attacks, 41
percent said they were unsure. This lack of security awareness is equally
concerning,” said Oded Gonda, vice president of network security products at
Check Point Software Technologies.
While social engineering techniques rely on taking
advantage of a person’s vulnerability, the prevalence of Web 2.0 and mobile
computing has also made it easier to obtain information about individuals and
has created new entry points to execute socially-engineered attacks. New
employees (60 percent) and contractors (44 percent) who may be less familiar
with corporate security policies were considered to be the most susceptible to
social engineering techniques, in addition to contractors, assistants, human resources
and IT personnel. To achieve the
level of protection needed in modern day IT environments, security needs to
grow from a collection of disparate technologies to an effective business
With Check Point’s
UserCheck technology, businesses can alert and educate employees about
corporate policies when accessing the corporate network, data
and applications – helping companies minimize the frequency, risk and costs
associated with social engineering techniques.
86 percent of IT and security professional are aware or
highly aware of the risks associated with social engineering. Approximately 48
percent of enterprises surveyed admitted they have been victims of social
engineering more than 25 times in the last two years.
Survey participants estimated each security incident
costing anywhere from $25,000 to over $100,000, including costs associated with
business disruptions, customer outlays, revenue loss and brand damage.
Phishing emails were ranked the most common source of
social engineering techniques (47 percent), followed by social networking sites
that can expose personal and professional information (39 percent) and insecure
mobile devices (12 percent).
Financial gain was cited as the most frequent reason for
social engineered attacks, followed by access to proprietary information (46
percent), competitive advantage (40 percent) and revenge (14 percent).
New Employees are
Most Susceptible to Social Engineering Techniques – Survey participants
believe new employees are at high risk to social engineering risks, followed by
contractors (44 percent), executive assistants (38 percent), human resources
(33 percent), business leaders (32 percent) and IT personnel (23 percent).
Regardless of an employee’s role within an organization, implementing proper
training and user awareness is critical component of any security policy.
Lack of Proactive Training to
Prevent Social Engineering Attacks – 34 percent of businesses
do not have any employee training or security policies in place to prevent
social engineering techniques, although 19 percent have plans to.
By Telecomlead.com Team