Industry News

Social engineering; still one of the most successful tactics

After all the talk and research about how to stay safe online, you’d expect educated behavior among web surfers. Surprisingly, research shows differently. In fact, they are just as oblivious to malware as they’ve always been. What’s more, they still fall victim to social engineering hacks, proving a serious vulnerability when at the office.

Psychological manipulation has made hackers billions of dollars. Vodafone statistics show users are getting less aware by the year. In 2015, as many as a third of phishing emails were opened, and 12 percent were successful because users either clicked the URL or downloaded the attachment. Some 63 percent of breaches investigated were caused by a weak or stolen password by social engineering scams urging users to reset their banking password.

Almost all breaches follow the same nine patterns: miscellaneous errors (17.7%), insider and privilege misuse (16.3%), physical theft and loss (15.1%), denial of service (15%), crimeware (12.4), web app attacks (8.3%), point-of-sale intrusions (0.8%), cyber-espionage (0.4%), payment card skimmers (0.2%), everything else (13.8%).

Companies don’t even have “a half-decent defense,” the report claims, because they have failed to thoroughly detect and understand the patterns, industries and errors. Once businesses understand this and keep track of errors, they will improve deployment and cut costs. If hackers take advantage of new technologies such as the internet of things and mobile, businesses need to think ahead to better protect their networks.

67 specialists from law enforcement, government and security service providers investigated more than 100,000 incidents, along with 2,260 confirmed data breaches in 82 countries to compile Vodafone’s 2016 Data Breach Investigations Report.

While businesses rely on outdated strategies that take weeks to detect an attack, hackers are improving their skills, causing costly system breaches in less than a few minutes in 93 percent of cases, they found. Data breaches are not just about losing information — in the long run they affect reputation and involve expensive fines and restitutions.

Obviously hacker behavior can’t be predicted, but some measures that could help as a first layer firewall. First of all, if you’ve already experienced a breach, keep track of the errors throughout the investigation and understand what went wrong and how it could have been avoided. Keep educating employees on best practices at the office and ask them to implement two-factor authentication. Allow access on a need-to-know basis to prevent employees from sending confidential data to the wrong recipient. If you detect a breach, stay alert to fix it as soon as possible and encrypt all valuable data.

About the author


From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.