Tag: social engineering attack

BAI Security Audit

Insider Theft Leads to the Data Breach of 1.5 Million Bank Clients

Atlanta bank SunTrust recently announced that 1.5 million users have potentially been exposed to a criminal third party. Unlike most data exposures we’ve been hearing about, the source of SunTrust’s breach was not caused by cybercriminals, but rather a theft by an employee who gained access to sensitive client information without security clearance. Sources say the data theft could include information such as names, addresses, phone numbers and bank account balances of SunTrust customers. Simultaneously, SunTrust announced it will partner with Experian to offer identity protection for all consumer clients at no cost on an ongoing basis. Here’s what happened and how your organization can prevent falling victim to a similar scheme. An Untrustworthy Employee An ongoing investigation by SunTrust

Read More »

The Hidden Flaws

Cyber attackers are known for their persistence. If they hit a pothole trying to break into your IT network, they won’t just give up and move on to their next target. Instead, they’ll redouble their efforts and probe your infrastructure, looking for new ways to grab your valuable data. Unfortunately, sometimes these vulnerabilities can be a bit beyond your reach. Rather than weak points in your security infrastructure, they’re baked into the very devices your business depends on. As some researchers recently discovered, a new vulnerability found in Intel chips could pose a potentially catastrophic risk for your business. Here’s what you need to know about this flaw and how you can protect yourself. The Backdoor The first thing you

Read More »
Computer Security Employees


How well are your users prepared for modern-day social engineering attacks?  If you’re like the majority of management personnel I speak with during our pre-audit consultations you’re wary, but confident that your staff has properly prepared your employees from this threat to your organization. In response, I routinely explain that it is admirable that you have that kinds of faith in your managers and user base, but based on our statistical averages be prepared for the possibility of a less than ideal result when you receive our audit findings report. Preventing Social Engineering Attacks with a Social Engineering Evaluations Statistically, the first time we perform a social engineering evaluation on an organization it’s not uncommon for as many as 65% of the users to

Read More »
Assesement Tool


Social engineering is the art of manipulating people into performing actions or divulging confidential information and/or proprietary information, non-disclosed information or usernames and passwords. It is the classic approach of the confidence man, convincing someone he or she is something they are not.  If you think your personnel would never be fooled, you’re fooling yourself.  There is a reason this approach to criminal activity has a long successful history. Examples of Social Engineering Attacks and Social Engineering Psychology In the early days of computer security, social engineering might have involved a hacker calling one of your employees and talking him or her into giving up authentication credentials or login information to private systems. The current state of the art makes this

Read More »