Social Engineering Awareness Training

Author:

Stephen Fowler, Director of Technologies

Stephen writes about the importance of social engineering training. If you would like to talk about your own cyber security needs, please email him at sfowler@omnicybersecurity.com.

Engage with our experts at OmniCyber Security and with our partners Proofpoint and CybSafe to advise on how to educate and protect your employees, your business and your customers.

When it comes to social engineering attacks like phishing and pretexting, deepfake romance isn’t an imminent threat or concern for businesses, and AI isn’t an efficient tool for attackers. Essentially, via basic social engineering, people will reveal passwords and sensitive information if you ask them nicely.

Britain’s data watchdog has recently issued a construction business with a potential £4.4 million fine after a successful phishing attack exposed the personal data of up to 113,000 employees.

In a typical approach, one employee forwarded an email containing the hidden payload to a colleague who then opened it, and downloaded the content, allowing the malware to do its work.

The attack compromised 283 systems and gained credentials to 16 accounts. Once inside, it uninstalled their endpoint software and could have then led to access to the remaining account list, containing personal data from both current and former employees.

The Information Commissioner’s Office said the company in question failed to exercise good security hygiene and missed alerts amongst other failures, so it was deemed to have broken data protection laws.

It is worth highlighting, the EDR in use quarantined the malware and dispatched an alert, but the company failed to thoroughly investigate the suspicious activity. If they had done so, they could have discovered the threat actor who had obtained access to these systems.

Fundamentally, the data regulator found a litany of errors, obviously beginning with not responding to the initial alert of suspicious activity.

Using outdated software systems and protocols, combined with a lack of suitable training for staff and insufficient risk assessments, leaves us all vulnerable to attackers. In this case within a supply chain, they put their customers and their customers’ customers (and so on) at risk.

For more information on the expert advice and training we provide at OmniCyber Security, contact our team today.

Contact us..

The Biggest IT Outage In History: What Happened?

John July 19, 2024

Move over Y2K, there’s a new legendary outage in town. A broken software update has crashed Windows devices around the world, bringing airports, TV channels,

Find Out More

Understand Your Supply Chain Threats With Supplier Assurance

John July 2, 2024

Your organisation’s security extends beyond its own walls. Every organisation has suppliers. Whether they deliver products, systems, customers or services, the modern landscape of business

Find Out More

What Are the Requirements of ISO 27001?

John June 18, 2024

ISO 27001 is the internationally recognised standard for information security management systems (ISMS). It provides a robust framework that helps organisations manage their information

Find Out More

Social Engineering Awareness Training

Contact us..

Related Articles

The Biggest IT Outage In History: What Happened?

Understand Your Supply Chain Threats With Supplier Assurance

What Are the Requirements of ISO 27001?

Secure every inch of your business

Services

Company