    Best Practices for Enterprises to Prevent Social Engineering Attacks

    By EWEEK EDITORS - February 10, 2021

      One of today’s most challenging security issues for the enterprise is stopping social engineering attacks. Social engineering is a common entry point for many attackers, and any organization can fall victim. Look at the recent attack on the SANS Institute, and, of course, Twitter. Despite the frequency and potency of social engineering attacks, we often see organizations with inadequate security controls and incident response plans in place.

      Every organization will have its own definition of what an acceptable level of risk is and should make strong security decisions and investments backed by their risk threshold. Beyond employee training and education, organizations will want to focus on getting the basics right to ensure there are layers of controls in place to make them more resilient even if their users fall victim to social engineering.

      In this eWEEK article, Associate Vice-President of Consulting Dan Wood at Tempe, Ariz.-based security firm Bishop Fox provides businesses with best practices that can be applied to enforce the strongest possible security posture to help strengthen an organization’s social engineering defensive strategy.

      Here are his top best practices:

      Best Practice No. 1: Ensure that your organization doesn’t expose itself via open mail relays.

      Open mail relays can increase email spoofing because they allow unauthenticated email to be sent externally to an organization, which makes it harder to defend against phishing since the emails will look legitimate to internal users. By implementing strict user authentication and IP authorization at the gateway, you can take this opportunity away from the attacker.

      Best Practice No. 2: Use email filtering processes.

      Some email security controls provide an email filtering capability that can strip all external attachments and links, which prevents execution of attachments and clicks on malicious links that lead to drive-by downloads. They can also label external emails with designators such as [EXTERNAL] in the subject line and/or in the body of the email when received, or put a colored bar across the email with a warning. This will help reduce the chance of an attacker pretexting a victim as an internal user.
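
A minimal version of the filtering described above, as an added example that is not code from the article or from any vendor product. The domain list, tag text and sample message are constructed assumptions. A message counts as internal only when the gateway authenticated its sender, which is the control from Best Practice No. 1.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's mail domains
TAG = "[EXTERNAL]"
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def is_external(msg, authenticated):
    # A From header is trivially forged, so an internal-looking address only
    # counts as internal when the gateway authenticated the submitting user.
    frm = msg["From"]
    domains = {a.domain.lower() for a in frm.addresses} if frm else set()
    return not (authenticated and domains and domains <= INTERNAL_DOMAINS)

def filter_inbound(raw, authenticated=False):
    """Apply the external-mail policy; return (message, stripped attachment names)."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_external(msg, authenticated):
        return msg, []
    subject = msg["Subject"] or ""
    if not subject.startswith(TAG):          # label once, even on re-processing
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}".strip()
    stripped = []
    if msg.is_multipart():                   # drop top-level attachments
        keep = []
        for part in msg.get_payload():
            if part.is_attachment():
                stripped.append(part.get_filename() or "unnamed")
            else:
                keep.append(part)
        msg.set_payload(keep)
    for part in msg.walk():                  # remove clickable links from text bodies
        if part.get_content_type() == "text/plain":
            part.set_content(URL_RE.sub("[link removed]", part.get_content()))
    return msg, stripped

def constructed_sample(sender):
    """Constructed test message: one link in the body, one attachment."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "user@example.com"
    m["Subject"] = "Password expiry notice"
    m.set_content("Reset here: https://login.example.net/reset today")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    return m.as_string()
```

HTML bodies and nested multipart attachments are left out to keep the example short; a production filter has to cover both.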

      Best Practice No. 3: Analyze suspected email as often as possible.

      Security controls such as Cofense PhishMe provide an email client plug-in called PhishMe Reporter that allows an end-user to submit a suspected phishing email for analysis. It also enables an organization’s SOC to rapidly delete all occurrences of the offending email from user mailboxes to prevent additional spread if the phishing campaign is cast with a wide net. Other security controls have similar capabilities and should be reviewed to see what works best for the organization.

      Best Practice No. 4: Educate defenders about attacker tactics.

      If you do fall victim to a social engineering attack, knowing how attackers operate and educating your defenders on these tactics will be helpful when they’re tasked with monitoring the networks and identifying the exfiltration of data.

      More advanced examples based on the maturity of an organization’s defensive posture include:

      Best Practice No. 5: Remove unneeded administrative accounts.

      Remove privileged and administrative accounts where they are absolutely not needed and leverage a just-in-time secrets management system; if an end-user is successfully phished, this reduces the access rights an attacker could begin with when establishing their foothold.

      Best Practice No. 6: Install a credential check-out process.

      For privileged and administrative accounts, institute a credential check-out process that requires a two-part approval process with justification review and the ability to automatically expire credential access after a set period of time.
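
A sketch of the check-out logic described above, as an added example rather than the article's or any product's implementation. It reads "two-part approval" as two distinct approvers other than the requester, which is an assumption, and all names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

REQUIRED_APPROVALS = 2  # assumption: "two-part approval" means two approvers

@dataclass
class CheckoutRequest:
    requester: str
    account: str
    justification: str
    ttl: timedelta                      # lifetime of the grant, set by policy
    approvers: set = field(default_factory=set)
    granted_at: Optional[datetime] = None

    def approve(self, approver: str, now: datetime) -> bool:
        """Record one approval; return True once the credential is released."""
        if not self.justification.strip():
            raise ValueError("no justification to review")
        if approver == self.requester:
            raise PermissionError("requester cannot approve their own request")
        self.approvers.add(approver)    # a set: repeat approvals count once
        if self.granted_at is None and len(self.approvers) >= REQUIRED_APPROVALS:
            self.granted_at = now
        return self.granted_at is not None

    def is_active(self, now: datetime) -> bool:
        """Access is valid only from the grant until grant + ttl."""
        return self.granted_at is not None and now < self.granted_at + self.ttl
```

Every credential use should call `is_active` with the current time, so that expiry needs no separate revocation step.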

      Best Practice No. 7: Deploy user-behavior analytics.

      Establishing user baselines with user and entity behavior analytics (UEBA) can serve as an early alert system: if your endpoint controls fail, you may be able to detect an attack based on deviations from these baselines of usage and access patterns.

      Best Practice No. 8: Use machine learning in the SOAR process.

      Similar to above, as you start to generate baselines of activity for users and entities, you can start to enrich your data with intelligence that will allow you to start applying machine learning with technologies and security controls through what is known as security orchestration, automation and response (SOAR). Instead of relying on a human analyst to review potential incidents, there are solutions out there that provide an automated task management approach to repeatable and mundane tasks which allows the analysts to focus on more complicated security issues and investigations. SOAR technologies provide scalability and speed to organizations that have a hard time manually identifying threats and responding to them.

      Best Practice No. 9: Start a no-fault social engineering testing program.

      Lastly, a no-fault social engineering testing program is a good way to test employees via phishing and other social engineering techniques. Ensure end-user profiles are created that record each user’s known access rights to assets and data. Knowing what could be potentially exposed if an end-user is compromised may inform what controls you put in place and where – not all controls are equal for every user. Some users may require unique controls based on their business processes and technical aptitude, while others may not be exposed to critically sensitive information or processes.
