Issue 4: Building a robust human firewall

by Smart Grid Forums on March 5, 2021

Cyberweekly No.4-1

It is often said that the weakest link in an organisation’s cybersecurity strategy is its own people! Cybercriminals know that if they can psychologically manipulate employees to carry out actions that divulge sensitive information, they can significantly reduce their hacking efforts, circumvent the technical prevention, detection and counterattack measures in place, and come back to the same target organisation time and time again, undetected.

Until organisations have built a robust human firewall, they have not built a firewall at all. This week we look at the Social Engineering trends that are fast becoming relevant to power grid employees and identify the most effective countermeasures you can employ to ensure that your people become the strongest link in your organisation’s cybersecurity strategy going forward.

Before we dive into the research it is critical to understand the basic tenets of social engineering. Social engineers prey on people’s inherent trusting natures. They use fear and urgency to drive people to take actions that appear to be in the best interest of their organisations whilst all along opening doorways into confidential systems that can lead to financial fraud, network intrusion, industrial espionage, identity theft, organisational disruption, and more.

Social engineering attacks can be carried out physically on your premises, via phishing emails, and increasingly via vishing scams that involve phone calls to employees to extract sensitive information. And it is not always the disgruntled employee that poses the greatest risk to your organisation. You will be surprised just how much information a helpful employee is willing to divulge if they are targeted by a skilful, confident, persistent social engineer that appears to know a lot about the employee and the organisation already.

We know that social engineering attacks are on the rise in the power grid and are rarely one-off incidents. More often they are staged and take time, planning and effort to execute. Typically these stages include: 1) researching your organisation, 2) choosing the target employee, 3) building trust with the employee, 4) exploitation.

The good news is that the staged nature of these attacks provides ample opportunity for your employees to raise the alarm bell, your cybersecurity team to technically intervene and thwart the attack, and your legal team to work with law enforcement to re-direct them from the power grid system to the prison system.

Please enjoy this week’s selection of news, views and resources below, and feel free to share this newsletter with colleagues in other departments, and peers in other organisations.

Kind Regards,

Mandana White
CEO | Smart Grid Forums

News, Views & Resources

WHITE PAPER: International Journal of Security. Contemporary Cyber Security Social Engineering Solutions, Measures, Policies, Tools and Applications
Social engineering is a major threat to organizations as more and more companies digitize operations and increase connectivity through the internet. After defining social engineering and the problems it presents, this study offers a critical review of existing protection measures, tools, and policies for organizations to combat cyber security social engineering.
To read the white paper click here!

EXECUTIVE REPORT: TechRepublic. Social Engineering: A Cheat Sheet for Business Professionals.
We don’t operate like computers--they only do what they’re told, executing tasks based on a set of instructions, without the ability to critically assess the honesty or good faith of the person giving the input. At least, that’s what we think is different about us and machines. But that isn’t the case at all: We humans, for all our smarts and ability to make critical judgements, are also prone to taking our instructions at face value without considering the honesty of the person asking us to do something.
Hackers have learned this and turned it into a process called social engineering.
To read the report click here!

SECURITY AWARENESS PROGRAMME: KnowBe4. Human Error Conquered.
Many IT pros don’t know where to start when it comes to creating a security awareness programme that will work for their organisation. KnowBe4 has taken away all the guesswork with their Automated Security Awareness Program (ASAP). ASAP is a revolutionary new tool that allows you to create a customised Security Awareness Program for your organisation that will show you all the steps needed to create a fully mature training program in just a few minutes!
To build your free programme click here!

INFOGRAPHIC: Phishing Tackle. Is Your Email From A Social Engineer?
Ask these questions for every email. Not happy with the answer? ALARM BELL!!
To download the infographic click here!

VIDEO: DEFCON. Hacking Challenge at DEFCON.
Watch what happens when journalist Kevin Roose challenges hackers to hack him.
To watch this video click here!

CyberAware Webinar Series

Topics: CyberAware