As successful, preventative cybersecurity methods have increased over time, cyber criminals have shifted their focus from technological attacks to attacks on employees by way of Social Engineering. Social Engineering isn’t some brand new phenomenon and can be seen in numerous examples across history. The earliest form of ‘pretexting’ comes from the story in the Bible where the Devil tempts Adam and Eve with an apple. Early forms of ‘baiting’ can be seen with Ulysses’ use of the Trojan horse to get past the gates of Troy. In 2002, Hollywood even cashed in on Social Engineering with Leonardo DiCaprio’s portrayal of Frank Abagnale in “Catch Me If You Can.” While the practices of Social Engineering have been around since the beginning of time, there are plenty of holes in the way business insurance covers these threats. In this blog, we will discuss the different types of Social Engineering, the ways to help avoid them and where your insurance might fall short.
Types of Social Engineering
Social Engineering comes in a variety of different forms, online and offline. In a 2010 article from Gartner, the advisory company was quoted as saying, “…Many of the most damaging security penetrations are, and will continue to be, due to social engineering, not electronic hacking or cracking… Social engineering is the single greatest security risk in the decade ahead.” Unfortunately, today the list of Social Engineering tactics continues to grow and become more sophisticated. We’ve highlighted a few of the more common practices below:
Tips for Avoiding Social Engineering Threats
90% of all cyber attacks are successfully executed with credentials stolen, or socially engineered, from employees. That means that organizations are more vulnerable to inside threats than to outside attacks. Educating your employees is half the battle. Here are a few tips on how to avoid such threats at your office:
Social Engineering Insurance. Am I covered?
Despite all the education and preventative measures around Social Engineering, it is inevitable that attackers will still find a way to fool at least one employee at your organization, if not more. It is imperative that organizations review their insurance policies to see what is covered. Traditional commercial crime policies generally contain a computer fraud and funds transfer fraud insurance agreement, and many businesses are under the impression that these policies cover loss and breaches from social engineering. This is not true. A basic Cyber Liability policy does not provide you with coverage for events caused by social engineering.
Unfortunately, many of these agreements limit coverage to a direct loss resulting from “theft” using a computer system, which excludes many Social Engineering tactics. Because Social Engineering tactics generally cause an authorized transfer of funds by way of a fooled employee, the courts rule that these attacks do not fall under the same umbrella as a theft through that same computer system. This leaves many businesses at risk unless they add additional coverage to their current Crime or Cyber policies.
Proper insurance coverage can alleviate numerous headaches if/when data is compromised by Social Engineering hackers. Avoid the headaches and get in touch with Colony West today.