Social engineering biggest cause of cyber-breaches

Here's another solid proof of what security experts have been buzzing about in the past few years – that people are the single greatest cyber-security threat to businesses.

This time, proof comes from Transputec and Business Continuity Institute, which have polled 369 business continuity professionals from all over the world into enterprise cyber-security.

The results are clear – among the companies targeted by cyber-criminals, in 60 per cent of cases they were hit by either phishing, or social engineering. Spear phishing was mentioned 37 per cent of times.

The costs of these attacks 'varied greatly', from less than €50,000 (£42,500, 73 per cent of cases), to €500,000 (£425,000 – six per cent).

“The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals has combined to produce a new point of attack,” said Sonny Sehgal, Head of Cyber Security at Transputec.

“This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology. The term “social engineering" describes this attack vector which relies heavily on human interaction and often involves tricking people into breaking normal security procedures.”

Research authors said that behavioural threat detection systems are the best way to defend against these types of attacks. They monitor the network for signs of suspicious insider activity, as well as failed hacking attempts.

Traditional anti-virus monitoring systems are simply not enough anymore. “The scale of the cyber threat can feel overwhelming at times. But educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience,” he added.

Image Credit: zimmytws / Shutterstock