Mitigation of Social Engineering

Mitigating social engineering attacks in general

A malicious actor may use psychological manipulation, deception, or other strategies as part of a social engineering attack to persuade people to reveal sensitive information or perform actions that could compromise an organization’s security. Because this approach relies more on human behavior than technological flaws to succeed, it’s challenging to stop. Machines can follow rules easily, but humans aren’t as rigid. It’s this flexibility and the psychological need of ownership that social engineering attacks attempt to exploit. As such, some attacks, such as phishing, are often just considered akin to scamming.

Implementing a combination of technical and nontechnical measures is vital to mitigate the risk of social engineering attacks. Some steps that organizations can take to do so include:

• Providing employees with training and education about common social engineering tactics, such as phishing, pretexting, and baiting, can help to increase their awareness and reduce the risk of them falling victim to an attack. It’s considered good practice to, at the very least, test employees with a monthly phishing test so that they can remain vigilant and avoid accidental instances of clumsiness, gullibility, or nonseriousness.

• Implementing robust security controls is essential. Technical security measures, such as firewalls, intrusion detection and prevention systems, network access controls, and proper logging, can assist in detecting or thwarting social engineering attacks.

• Employing security policies and procedures, such as password management policies and access control policies, can help lower the risk of social engineering attacks by limiting employee access to sensitive information.

• Testing and assessing security controls on a regular basis is also an effective tactic. An organization’s security measures may have gaps that a social engineering attack could take advantage of. Therefore, regular security assessments like penetration testing and vulnerability assessments can assist in finding and fixing those issues.

Overall, mitigating the risk of social engineering attacks requires a combination of technical and nontechnical measures and a proactive, ongoing approach to security.

There are some general rules that we should keep in mind whenever we’re at work. They will also help us when we’re drafting a pentesting strategy:

• Be wary of unusual messages from friends.
• If the request in an email or Slack message is urgent, then it’s likely suspicious.
• If we receive a job or monetary offer that feels too good to be true, it probably is.
• Be wary if receiving unsolicited advice or a request to update software from our IT team.

Mitigating phishing

It’s critical to be aware of attackers’ strategies and to exercise caution when responding to unsolicited communication to protect against phishing attempts. This may consist of the following:

• Verifying the sender’s identity and legitimacy before responding to communication.

• Avoiding accessing attachments or links in unwanted emails or texts.

• Reporting suspicious communication to the appropriate authorities or organizations.

• Avoiding non-HTTPS web pages.

• Avoiding pop-ups.

Placing strong safeguards, such as firewalls and intrusion detection and prevention systems, to stop phishing attacks and other online risks is always a good move.

Preventing MITM attacks

Unlike phishing, which relies more on the human element, MITM attacks focus more on the technical aspect. As such, preventative measures end up being more technical in nature. Let’s briefly look at some of these measures:

• Encryption: The transmission of data between two parties can be protected against reading or modification by encrypting the conversation. The connection between a user’s web browser and a website can be encrypted using secure protocols, such as HTTPS. It can also be encrypted between two devices connected to a network using technologies like VPNs.

• Authentication: Verifying the identities of the parties before communication can aid in avoiding MITM attacks. This may involve using authentication technologies, such as Public Key Infrastructure (PKI) and digital certificates.

• Network security controls: By blocking or identifying malicious network traffic, network security measures, such as firewalls and intrusion detection and prevention systems, can aid in preventing MITM attacks. Using a secured, company monitored internet connection is a good example.

• Education: Training users about security best practices can help prevent MITM attacks by increasing users’ awareness of potential threats and teaching them how to recognize and avoid suspicious communication. For example, users should be taught to only trust HTTPS connections and understand the importance of MFA.