Tag: Social Engineering

BAI Security Audit

Key Takeaways from Interop

Security was on everyone’s mind at this year’s Interop Las Vegas conference, with workshops ranging from insider threats to social engineering, supply chains and managing targeted attacks. One key point that emerged from all of the discussion was that businesses and governments need to understand the motivations of cyber attackers. Dmitri Alperovitch led the Interop workshop, which focused solely on the benefits of knowing your enemy. The days when security was a matter of “merely” battling cyber criminals and young hackers out for a joyride are over. Today, we also have cyberespionage, hacktivists and state-sponsored hacking to contend with. It seems that everyone is exploiting digital technology to gain even the tiniest edge in business or politics. Given these

Read More »
Audit Results

BAI SECURITY – MID-YEAR TOP-4 SECURITY RISKS

First, it should be noted that this list is compiled from IT Security Audits performed by BAI Security from January to July of 2013 and is not intended to be a comprehensive list of all security risks. BAI Security specializes in auditing regulated organizations, such as those in banking and finance, pharmaceutical, healthcare, insurance, and the utility sector. While commonalities often exist, the results found here are not necessarily representative of businesses outside of these sectors.

Social Engineering

Social engineering has long been a serious security concern, but more recently organizations have been slipping to a much higher level of risk in this area. Even with most organizations performing annual end-user security awareness training, which usually includes a piece on social

Read More »
Computer Security

LIVE EXPERIMENT DEMONSTRATES DISREGARD FOR BANK SECURITY POLICY

An experiment carried out within London’s financial district has demonstrated what security experts have been saying for years: employees – even those working with ultra-sensitive financial data – are unaware of, or far too loose with, basic security practices. In the experiment, flash drives were handed out to commuters as they entered the city. Recipients were told the drives contained a special Valentine’s Day promotion. In reality, though, each flash drive contained nothing more than code that informed the company performing the experiment how many of the recipients had tried to use it. Among those who were duped were employees of a major retail bank and two global insurers.

Clear warning

Making these results even more ridiculous, the Flash

Read More »
Assessment

ARE YOUR EMPLOYEES GIVING AWAY CONFIDENTIAL SECURITY INFORMATION?

A man calls the receptionist at a competitor’s company and asks for the name of the Sales Manager. The receptionist says the person he is looking for is Bob Jones. Later, the man calls back to the same company and says he needs to speak with the IT helpdesk. When the helpdesk operator answers, the man says, “Hi, my name is Bob Jones and I seem to have forgotten my new password. I am on my way to an important meeting; can you reset it right away?” In an effort to help the user regain access to the system, the helpdesk operator resets the password and tells the man the new password. The man then accesses the employee area of

Read More »
Computer Security Employees

REAL WORLD SOCIAL ENGINEERING ATTACKS … IN THE TRENCHES WITH AN AUDITOR

How well are your users prepared for modern-day social engineering attacks? If you’re like the majority of management personnel I speak with during our pre-audit consultations, you’re wary, but confident that your staff has properly prepared your employees for this threat to your organization. In response, I routinely explain that it is admirable that you have that kind of faith in your managers and user base, but based on our statistical averages, be prepared for the possibility of a less than ideal result when you receive our audit findings report.

Preventing Social Engineering Attacks with Social Engineering Evaluations

Statistically, the first time we perform a social engineering evaluation on an organization it’s not uncommon for as many as 65% of the users to

Read More »
Assessment Tool

15% OF USERS WILL DIVULGE LOGON CREDENTIALS TO STRANGERS – SOCIAL ENGINEERING ATTACKS

Social engineering is the art of manipulating people into performing actions or divulging confidential or proprietary information, non-disclosed information, or usernames and passwords. It is the classic approach of the confidence man, convincing someone that he or she is something they are not. If you think your personnel would never be fooled, you’re fooling yourself. There is a reason this approach to criminal activity has a long, successful history.

Examples of Social Engineering Attacks and Social Engineering Psychology

In the early days of computer security, social engineering might have involved a hacker calling one of your employees and talking him or her into giving up authentication credentials or login information to private systems. The current state of the art makes this

Read More »