Social Engineering Hit 42% Businesses in UK
A latest survey from security specialist Check Point has stated that 42% of UK companies have been attacked by social engineering attacks.
Moreover, the UK businesses added that they had come across nearly 25 attacks in the last two years, at an average cost of £15,000 per incident.
Check Point's UK Managing Director Terry Greer-King claimed phishing emails to top the list of social engineering threats with a striking 47% that the survey had found that and social networking sites at a staggering 39%, as per the news by eweekeurope.co.uk on September 21, 2011.
New employees (52%) and contractors (44%) were proven as the most vulnerable to social engineering methods.
Greer-King stated that this indicates that hacker attack the weakest security links in organizations and uses social engineering methods to gather private and professional details pertaining to employees to initiate 'spear phishing' attacks.
Also, through social engineering of the apt employee of the staff, attackers can gain a strong footing in the corporate network and then use it in abusing important data.
In the RSA breach case, attackers social engineered by using a comparatively unskilled method i.e. they sent an email with the subject line "2011 Recruitment Plan" to two small groups of RSA employees.
One of the employers traced back the email from their junk mailbox and opened the spreadsheet, which was a piece of malware made to provide the hacker with a direct connection into RSA's network. From there, the attackers can use the user's information and ultimately use personal information related to RSA's two-factor SecurID system.
Further, the survey indicates that 34% of businesses do not have any security policies to safeguard the users against social engineering methods.
Oded Gonda, Vice President of security products at Check Point said that users are the central part of the security process as they can be misled by hackers and can be tricked resulting in unintentional loss of data, as per the reports by informationweek.com on September 21, 2011.
However, an analysis of the survey reveals that though nearly half of the enterprises are aware of experiencing social engineering attacks, 41% are still uncertain of their status of being victimized. According to GreerKing, as these kinds of cyber attacks are generally quite below the security radar of an organization, the actual number of the attacks are still unconfirmed, reports help Net Security on September 21, 2011.
Related article: SoCal Computer Hack Traces to Watsonville
» SPAMfighter News - 03-10-2011