Education is crucial in defending against evolving social engineering attacks, according to Jack Plaxe, president of the Kentucky InfraGard Alliance. During a presentation last week, Plaxe pointed to a recent business email compromise scam that targeted schools in Scott County, Kentucky.
A scammer sent a fraudulent email posing as a vendor that the school district regularly does business with and tricked employees into wiring payments to the wrong account. The criminal nearly made off with $3.7 million, but the bank was able to recover the money before it disappeared.
“These types of scams rely on the fallibility of humans, and since we are all human, we are fallible,” said Plaxe. “It relies on someone who is working and maybe trying to accomplish many tasks and may not identify the warning signs in an email.”
Plaxe emphasized that most cyberattacks require an employee within the organization to make a mistake, such as clicking on a link, opening an attachment, or falling for a spoofed email. These attacks can be prevented if employees know the potential dangers and the warning signs to watch out for.
“Defending critical infrastructures requires diligence and educating yourself on security and how attackers are adapting and changing their tactics,” he said. “An estimated 70% of cyber exploitation starts or is introduced with an email, not a hacker. They know that humans are the weak link and try to exploit that. Nobody is exempt from cyber crime and everyone needs to be prepared.”
While technical defenses can assist in blocking malicious emails and identifying known malware, the best way to thwart social engineering attacks is by teaching employees about the tactics used by attackers. New-school security awareness training can give your employees the knowledge necessary to resist these tricks.
The Georgetown News-Graphic has the story: http://www.news-graphic.com/news/education-first-defense-vs-cyber-fraud-security-expert-says/article_23f6875c-71cd-11e9-82bd-1b9164d7a39f.html