What data is at risk of being stolen via social engineering?
Social engineering, including phishing, is one of the best opportunities for an attacker to enter a well-secured network. Knowing what data is at risk is an important part of any security strategy. What data or systems of value does your organization have access to? That’s what an attacker will try to hijack.
If attackers are targeting proprietary information like R&D data, they’re likely to focus on C-level executives or employees with deep access to data. Sophisticated attackers will use public information from news articles and social networks to identify important players. As a result, these employees are more prone to customized attacks – called “spear phishing” – and may need more extensive training on how to spot fraudulent emails.
Goals of Social Engineering
Ultimately, most attackers have a goal of financial gain. Some attackers will target financial employees like accounts payable to divert payments to their own accounts. They may also ask employees for bank account information or credit card numbers, with the intent of making fraudulent transactions.
In broader attacks, many attackers will search for any personal information they can. Many of these attacks request users click a link to “confirm” information like current and former addresses, or application passwords (which the attacker then tries against multiple services) .
Even a victim’s computing resources may be of use to an attacker. Not all phishing attempts try to extract information; attackers may convince a user to download or run files that infect their computer. From that point, the attacker can exploit the user’s computing power to mine cryptocurrency, use network bandwidth to perform a denial-of-service attack against a second victim, or use the infected computer as a foothold to gain further access into the network.
Sedara is Your Cybersecurity Sidekick
Sedara can help protect your organization against social engineering attacks and more. To find out how we can help you, contact us.