In this Help Net Security video, Alon Levin, VP of Product Management at Seraphic Security, explains what social engineering is and how prevalent it is. He offers insight into the three ways enterprises can mitigate the risks of social engineering.
Personnel education and training. Users should always be on high alert for shortened and error-filled URLs, unsecured HTTP sites, webpages with broken images and links, and suspicious emails from colleagues asking for sensitive information such as credentials or bank account details. Personnel training helps raise employee awareness of social engineering attacks and teaches employees how to identify and report these attempts—if a user has input credentials and is redirected to a benign page, IT should be informed immediately.
Anti-phishing software. Implementing anti-phishing software that is not based on lists of known phishing sites will restrict access: unless the software knows which sites are phishing sites and which are not, more sites will be unnecessarily restricted.
Browser security. True protection from web attacks comes from securing the browser. Companies should look for a solution that analyzes web page structure and behavior to determine whether a website or link is legitimate. The solution should also analyze runtime telemetry, without relying on any third-party feed, to enforce compliance with zero trust security models.
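The URL-level warning signs named in the personnel-training paragraph above (shortened links, error-filled addresses, unsecured HTTP) can also be checked automatically when a user reports a suspicious message. The following Python triage helper is an added example, not part of the video or the article; the shortener list, the trusted-domain list and the "last two labels" approximation of a site's domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lists (assumptions, not from the article).
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
TRUSTED = {"example.com", "example.org"}


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def url_warning_signs(url):
    """Return the warning signs from the training paragraph that a URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    signs = []
    if parts.scheme == "http":
        signs.append("unencrypted-http")
    if host in SHORTENERS:
        signs.append("shortened-link")
    # "Error-filled" URLs: a domain that is close to, but not, a trusted one.
    if not any(host == t or host.endswith("." + t) for t in TRUSTED):
        # Approximation: treat the last two labels as the site's domain.
        base = ".".join(host.split(".")[-2:])
        for t in sorted(TRUSTED):
            if 0 < edit_distance(base, t) <= 2:
                signs.append("lookalike-of:" + t)
    return signs


if __name__ == "__main__":
    # Constructed sample URLs, as they might appear in a reported email.
    for u in ("https://mail.example.com/inbox",
              "http://examp1e.com/login",
              "https://bit.ly/3abc"):
        print(u, url_warning_signs(u))
```

An empty result only means none of these three signs is present; it does not establish that a link is legitimate.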