Social Engineering Countermeasures: Combating social engineering is critical for any certified ethical hacker (CEH). Ethical hackers are security professionals or network penetration testers. Organizations employ them to use their hacking skills and toolsets for defensive and protective purposes. These defensive methods are the countermeasures to social engineering.
A countermeasure is a measure taken to reduce threats, vulnerabilities or attacks, either by preventing or eliminating them, or by minimizing their effect through timely detection and response.
What is Social Engineering?
Social engineering is an information gathering method that does not necessarily make use of technical approaches. It takes advantage of the fact that humans are the weakest link in a security architecture. For instance, an attacker wanting to breach an organization's security would target its staff rather than directly trying to break its electronic protections and cryptographic algorithms.
Moreover, engaging such a professional takes time, because the organization has to trust the CEH not to harm its systems during penetration testing. At a personal level, hiring a CEH is too expensive. Therefore, the following alternatives can be adopted.
Some of the countermeasures that can be adopted are:
Documented and Enforced Security Policies
Security policies are not effective if they are not shared with, taught to, and reinforced among employees. For this reason, organizations need to communicate their policies to the employees concerned; how well this is done is the yardstick for how easily the policies can be implemented.
Without understanding why these policies matter, the employees concerned will not be committed to them. The policy set up by the organization should address how and when accounts are created and terminated. It should also cover how often passwords are changed, who may access which information, and the consequences of violations.
The policy should also spell out help desk procedures for these tasks, as well as a process for identifying employees – for example, using an employee number or other information to validate a password change request. The destruction of paper documents and physical access restrictions are additional areas the security policy should address. Lastly, the policy should address technical areas, such as the use of modems and virus control.
Some of the aspects to cover in the security policies are:
- Computer system usage – monitoring the use of hardware and software, how to respond to chain emails, etc., on both personal and office devices. Employees should know how to protect their devices, for example against viruses by using antivirus software.
- Information classification and handling – every employee should know which information about the organization is classified. They must know how to handle this classified information, for example where to dispose of it and how to share it with other related organizations.
- Personnel and physical security – identifying new staff and non-employees to ensure that they do not create a security threat. This can be easier for small organizations, but for large organizations it requires strong surveillance. The organization's systems should be secured with a password sign-in, biometrics or other controls.
- Password policies – standards for secure passwords should be defined. It is recommended that passwords be required to expire after a specific period in all systems.
Risk Assessment
Risk assessment is a systematic approach that helps an organization's management understand the risk factors that may negatively affect its operational capabilities. It helps the organization identify its important assets and prioritize them so that the most effort goes into protecting them. With a proper understanding of which assets deserve the most attention and protection, the organization can secure its assets effectively. It also supports the proper implementation of the security policy.
Awareness and Education
The most important countermeasure for social engineering is employee education. All employees should be trained to keep confidential data safe. As part of security education, organizations have to provide timely orientation on their security policy to new employees.
The security policy should address the consequences of breaches. All employees must be informed of security policy updates so that they can act accordingly.
At a personal level, one must stay aware of the latest security issues. One must know simple things such as what a legitimate URL looks like, how to apply the latest security updates, and how to use systems vigilantly. It is always recommended not to react to messages or emails from unknown sources, and to discard them. Other security measures, such as installing and updating antivirus software on computers, are highly recommended.
In short, building awareness amongst the users about the common techniques employed and behaviors targeted by a social engineer is an important part of defense strategy.
Security Incident Management
When an attack occurs, the associated staff must be in a position to manage the incident. Each new incident provides new input for the security incident team's review of the organization's security. For this reason, the security response team must have procedures that record:
- Target name
- Target department
- Attack vector
- Attack description
- Attack outcome
- Attack effect
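As an added example (not code from the original article), the following Python keeps an incident log with exactly the six fields listed above, rejects incomplete or unrecognised records, and summarises the log by attack vector, department and outcome so the incident team has the review input the text describes. The CSV layout, the set of known attack vectors and the sample incidents are all constructed assumptions.

```python
"""Incident records for social-engineering attacks, with a review summary."""
from collections import Counter
from dataclasses import dataclass, asdict
import csv
import io

# Constructed vocabulary of attack vectors; extend to match the organisation's policy.
KNOWN_VECTORS = {"phishing email", "phone pretext", "tailgating", "usb drop"}


@dataclass(frozen=True)
class IncidentRecord:
    target_name: str
    target_department: str
    attack_vector: str
    attack_description: str
    attack_outcome: str  # constructed values: "reported" or "succeeded"
    attack_effect: str   # what, if anything, the attacker obtained

    def validate(self) -> None:
        """Reject empty fields and unknown vectors so review data stays usable."""
        for field, value in asdict(self).items():
            if not value.strip():
                raise ValueError(f"{field} must not be empty")
        if self.attack_vector not in KNOWN_VECTORS:
            raise ValueError(f"unknown attack vector: {self.attack_vector!r}")


def load_incidents(csv_text: str) -> list:
    """Parse records from CSV whose header matches the dataclass field names."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        record = IncidentRecord(**row)
        record.validate()
        records.append(record)
    return records


def review_summary(records) -> dict:
    """Count incidents per vector and per department, and how many succeeded."""
    return {
        "by_vector": dict(Counter(r.attack_vector for r in records)),
        "by_department": dict(Counter(r.target_department for r in records)),
        "succeeded": sum(1 for r in records if r.attack_outcome == "succeeded"),
    }


# Constructed sample incidents for demonstration only.
SAMPLE_CSV = """target_name,target_department,attack_vector,attack_description,attack_outcome,attack_effect
A. Example,Finance,phishing email,Fake invoice linking to a credential form,reported,none
B. Example,Finance,phone pretext,Caller posing as IT asked for a password,succeeded,password disclosed
C. Example,Reception,tailgating,Visitor followed staff through a secured door,reported,none
"""

if __name__ == "__main__":
    print(review_summary(load_incidents(SAMPLE_CSV)))
```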
Several approaches can be adopted to combat social engineering. Though social engineering attacks are unpredictable and can occur in any form at any time, these approaches can be applied both in organizations and at an individual level.