How to respond to social engineering attacks
#BeCyberSmart


Cybersecurity threats are a growing concern for businesses of all sizes. Small businesses, in particular, often underestimate their risk, thinking that cybercriminals only target larger corporations. However, this misconception can lead to vulnerabilities that are easily exploited. In this blog post, you will learn about social engineering, how to prevent attacks, respond if an attack occurs, and why practice makes perfect in maintaining your security posture.

What is Social Engineering?

Social engineering is a tactic cybercriminals use to manipulate individuals into divulging confidential information or performing actions that compromise security. Unlike technical hacking, social engineering exploits human psychology rather than software vulnerabilities.

One common form of social engineering is phishing. Phishing involves sending deceptive emails that appear to come from legitimate sources, tricking recipients into clicking malicious links or handing over sensitive information such as passwords and credit card numbers.

Phishing attacks are by far the most common type of cyber attack experienced by UK businesses. 84% of businesses that identified any breaches or attacks in the last 12 months reported experiencing phishing attacks. Among organisations that identified breaches or attacks, 35% reported experiencing impersonation attempts, where attackers pretended to be the business or its staff in emails or online. More alarming still, although 21% of businesses yet to experience an attack didn’t think they’d need to close in the event of one, 100% of those who have been victims said they would.

So the risk is very real for businesses of all sizes, regardless of industry. But what can you do about it?


Prevention is better than cure

When it comes to cybersecurity, prevention is always better than cure. Implementing technical controls can help safeguard your business from cyber threats. Here are a few to get you started.

Email filtering

Whichever platform you use, most email services include filtering that blocks phishing emails; it's how messages end up in your spam folder. What you might not know is that you can calibrate the rules yourself. Setting strict rules for what can and can't enter your business's inboxes can almost entirely remove the chance that most phishing emails ever reach a human.
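As an added illustration of the kind of custom inbound rule this section describes (example code, not CyberSmart's own), the function below flags the impersonation pattern mentioned earlier in the post: a sender whose display name matches a real member of staff but whose address sits outside the organisation's domain. The organisation domain, staff directory and sample headers are all constructed for the example; the Reply-To mismatch check is an additional, commonly used warning sign rather than something the post itself lists.

```python
"""Added example (not CyberSmart's code): a simple inbound-mail rule that
flags display-name impersonation of staff. ORG_DOMAIN, STAFF_DIRECTORY and
the sample headers below are constructed for illustration."""
from email import message_from_string
from email.utils import parseaddr

# Constructed: the organisation's own domain and a directory of staff names.
ORG_DOMAIN = "example-business.co.uk"
STAFF_DIRECTORY = {"jane smith", "tom jones"}


def normalise(name: str) -> str:
    """Lower-case and collapse whitespace so 'Jane  SMITH' matches 'jane smith'."""
    return " ".join(name.lower().split())


def classify(raw_message: str) -> str:
    """Return 'block', 'quarantine' or 'deliver' for one inbound message.

    Rule 1: a From display name matching a staff member, sent from an address
            outside ORG_DOMAIN, is treated as impersonation and blocked.
    Rule 2: a Reply-To whose domain differs from the From domain is held for
            review, since replies would be silently redirected elsewhere.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()

    # Staff name on an external address: classic impersonation attempt.
    if normalise(display_name) in STAFF_DIRECTORY and from_domain != ORG_DOMAIN:
        return "block"

    # Reply-To pointing at a different domain than From.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        return "quarantine"
    return "deliver"


# Constructed sample headers (bodies omitted).
IMPERSONATION = "From: Jane Smith <jane.smith@mail-example.com>\nSubject: Urgent invoice\n\n"
REDIRECTED = "From: Supplier <billing@supplier.example>\nReply-To: billing@other.example\nSubject: Invoice\n\n"
LEGITIMATE = "From: Jane Smith <jane.smith@example-business.co.uk>\nSubject: Hello\n\n"

if __name__ == "__main__":
    for label, sample in [("impersonation", IMPERSONATION), ("redirected", REDIRECTED), ("legitimate", LEGITIMATE)]:
        print(label, "->", classify(sample))
```

A real deployment would pull the staff directory from the identity provider and run the rule inside the mail platform's own filtering, but the decision logic is the same.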

Multi-factor authentication

Use multi-factor authentication (MFA) for all accounts within your organisation. MFA adds an extra layer of security by requiring multiple forms of verification before granting access to sensitive information. This means that even if a hacker does get hold of an employee's login credentials, it will be far more difficult for them to gain access to company platforms, documents, or sensitive data.

Regular software updates

A huge number of successful breaches start with a known vulnerability. In 2023 alone, more than 50% of the high-risk vulnerabilities tracked by Qualys were used by cybercriminals to attack victims.

Fortunately, there's a quick and easy way to ensure your business doesn't fall prey. Software developers regularly release patches to address vulnerabilities, usually in the form of updates. Run these updates whenever they're released; you can even set your operating system to update automatically.

Technology isn't enough

Although technology is a vital component of cyber defence, we can’t rely solely on it. As I explained at a recent talk, for technology to be successful people must want to use it and our culture must motivate us to do so.

We can start to achieve this culture through security training and awareness. Educating employees about the dangers of social engineering and how to recognise phishing attempts is crucial. Regular training sessions can help employees stay vigilant and understand the latest tactics used by cybercriminals. This understanding and realisation of the threats and possible impacts upon individuals and the businesses they work for will sow the seeds of a strong culture.

Incident Response Procedures

Despite the best preventive measures, breaches can and will still occur. Having a robust incident response procedure in place can mitigate the damage and help your business recover quickly.

Incident response procedures are predetermined protocols that outline the steps to take when a cybersecurity incident occurs. These procedures ensure an efficient and effective response, minimising any impact on your business.

An effective incident response plan should include:

Preparation – Ensure your team is ready to handle incidents by establishing and training on policies, tools, and communication plans.

Detection and analysis – Monitor systems to quickly identify and assess incidents, determining their scope and impact.

Containment, eradication, and recovery – Implement strategies to control the incident, remove the threat, and restore affected systems and data to normal operations.

Post-incident activity – Review and document the incident and response actions, using insights to improve future response efforts and strengthen security measures.

Practise, Practise, Practise

Developing an incident response plan is not enough. You must also regularly practise it to ensure it remains effective.

Depending on your organisation's size and resources, you must determine which incidents should be subject to a lessons learnt process, for example every incident with a critical or high ticket associated with it. After each relevant incident, conduct a thorough review to identify what worked well and what didn't. Use these lessons to improve your response procedures and prevent future incidents.
