Thursday, April 19, 2018

Social Engineering: How The Human Factor Puts Your Company At Risk


In its report "Social Engineering: How the Human Factor Puts Your Company At Risk", Positive Technologies studied its 10 largest pen testing projects performed for clients in 2016 and 2017. These tests included 3,332 emails sent to employees with links to websites, password entry forms, and attachments, mimicking the work of hackers.

The study found that:
 
17% of social engineering attacks are successful, and could lead to the compromise of a company's entire corporate infrastructure.

27% of employees clicked an emailed phishing link, making it the most effective method of social engineering. To make the emails more effective, attackers may combine different methods: a single message may contain a malicious file and a link that leads to a website containing multiple exploits and a password entry form.

Phishing is a perennial method used by hackers against both common users and corporate infrastructures because it is cheap, simple, and highly effective. The best recommendation for common users is to always be on alert. Check who the sender is before clicking a link or opening attachments to make sure that they are not malicious. Before opening a file, scan it with antivirus software. If a sandbox is available at the workplace, open files in it. Make sure that the sender's domain is legitimate. If in doubt, use an alternative method to communicate with the sender, such as instant messenger or phone, to check whether an email message and its associated domain are legitimate.
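The sender and link checks recommended above can be partly automated on the receiving side. The following is an added example, not code from the Positive Technologies report: it flags a message whose From domain is not one of the organisation's own, imitates one, differs from the Reply-To domain, or whose links point elsewhere. The trusted domain list, the sample message, and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation's real mail domains (placeholder value).
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample message, not taken from the report.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@examp1e.com>
Reply-To: support@mail-reset.example.net
To: user@example.com
Subject: Password expires today

Please confirm your password at http://login.examp1e.com/reset now.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def lookalike_of(domain, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return the trusted domain that `domain` closely imitates, or None."""
    for good in trusted:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def check_message(raw, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for one raw single-part text message."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg["From"])  # the display name is ignored on purpose
    if sender not in trusted:
        findings.append("untrusted-sender:" + sender)
        good = lookalike_of(sender, trusted)
        if good:
            findings.append("lookalike-of:" + good)
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append("reply-to-mismatch:" + reply_to)
    body = "" if msg.is_multipart() else msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted):
            findings.append("untrusted-link:" + host)
    return findings
```

The From header itself can be forged, so a check like this complements SPF, DKIM and DMARC validation at the mail gateway rather than replacing it.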
