“Statistics suggest the average human being falls for a social engineering attack about four times — with training — before they become ‘inoculated’ against that type of attack,” said David Trepp, IT assurance partner at BPM, a Top 100 Firm in California that also provides pen testing and other security services. “Helpful people are a real target.”
“For most of your readers, phishing is probably the No. 1 threat,” said David Ross, principal and cybersecurity practice leader at Top 100 Firm Baker Tilly. “There’s been a huge uptick in the last few months in spear-phishing attempts, which are very specifically targeted to an individual. Prevention is a twofold approach: On the technical side, you implement systems to filter and catch as many of these emails [as you can] so they don’t get to the end recipient; the other is personnel training.”
Helpful staff will more readily respond to a stranger who appeals to their willingness to be of service, Trepp explained. For instance, he may pose as an IT person who just needs to take a “quick look” at an accountant’s laptop to “get his boss off his back” and get a fix done quickly.
“All we need is about three seconds with an unblocked, unattended computer, or an employee willing to believe we’re tech support, or a live network jack somewhere that nothing is plugged into — and we’re in,” Trepp explained.
It can seem an insurmountable task to face down cybercriminals and come out on top. Sometimes it feels like a breach is inevitable, and it’s only a question of when. But professional services firms are growing a network of advisors, software and resources to build out cybersecurity and strengthen their security posture. The first step is to take cyber seriously, because all it takes to wipe away a lifetime of client goodwill and data is three seconds.

Full story at AccountingToday