⚠️ Businesses and public institutions seeking to defend themselves against the current onslaught of social engineering attacks should follow some best practices and recommendations from the world of cyber protection:
– Reduce access to privileged accounts, and add multi-factor authentication throughout the organization
– Monitor users, applications, and networks for anomalous behavior, including suspicious failed logon attempts and uncommon network traffic patterns
– Conduct regular security awareness training, including exercises that test users’ ability to spot phishing emails and voice attacks, and don’t forget to include prize targets like your C-suite executives
– Assume that eventually a social-engineering attack will get through, develop a cybersecurity incident response plan, and rehearse its execution regularly
– Make sure that any employee authorized to transfer major sums of money is regularly briefed on tactics like whale phishing, voice impersonation, etc., and equip them with additional measures for out-of-band verification of payment instructions
– Consider shrinking the social-media footprint of privileged executives like your CFO to limit intelligence-gathering opportunities for black-hat social engineers.
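The monitoring recommendation above (watching for suspicious failed logon attempts) is the one item on this list that turns directly into detection logic. The following is an added example, not code from the original page: it runs two simple detections over a handful of constructed authentication log lines, flagging one account failing repeatedly from a single source (brute force) and one source failing against many different accounts (password spraying), and it also raises a follow-up alert when a source already flagged for spraying later logs in successfully. The log line format, the five-minute window, the thresholds, and the sample IPs and usernames are all assumptions made for the example.

```python
"""Added example (not from the original page): flag anomalous failed-logon
patterns in constructed authentication log lines.

Detections:
  1. brute_force        - one (user, source) pair fails >= BRUTE_THRESHOLD times in WINDOW
  2. password_spray     - one source fails against >= SPRAY_THRESHOLD distinct users in WINDOW
  3. success_after_spray - a successful logon from a source already flagged for spraying

The line format, thresholds and sample data are assumptions, not a real product format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format: "<ISO-8601 timestamp> <SUCCESS|FAILURE> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

WINDOW = timedelta(minutes=5)
BRUTE_THRESHOLD = 5   # failures for one (user, src) pair within WINDOW
SPRAY_THRESHOLD = 5   # distinct users failing from one src within WINDOW

# Constructed sample log (not real data): alice is brute-forced from 10.0.0.5,
# 203.0.113.7 sprays five accounts and then logs in as grace, heidi just mistypes once.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAILURE user=alice src=10.0.0.5
2024-05-01T09:00:03 FAILURE user=alice src=10.0.0.5
2024-05-01T09:00:05 FAILURE user=alice src=10.0.0.5
2024-05-01T09:00:07 FAILURE user=alice src=10.0.0.5
2024-05-01T09:00:09 FAILURE user=alice src=10.0.0.5
2024-05-01T09:00:11 FAILURE user=alice src=10.0.0.5
2024-05-01T09:01:00 FAILURE user=bob src=203.0.113.7
2024-05-01T09:01:02 FAILURE user=carol src=203.0.113.7
2024-05-01T09:01:04 FAILURE user=dave src=203.0.113.7
2024-05-01T09:01:06 FAILURE user=erin src=203.0.113.7
2024-05-01T09:01:08 FAILURE user=frank src=203.0.113.7
2024-05-01T09:01:10 SUCCESS user=grace src=203.0.113.7
2024-05-01T09:05:00 FAILURE user=heidi src=192.168.1.20
2024-05-01T09:05:30 SUCCESS user=heidi src=192.168.1.20
"""


def parse(text):
    """Parse log text into (timestamp, result, user, src) tuples, sorted by time.
    Malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def detect(text, window=WINDOW, brute_threshold=BRUTE_THRESHOLD, spray_threshold=SPRAY_THRESHOLD):
    """Return a list of alert dicts in the order they fire. Each pattern is
    reported once per offending key so a long attack does not flood the output."""
    alerts = []
    pair_failures = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    src_failures = defaultdict(deque)    # src -> (timestamp, user) of recent failures
    flagged_brute, flagged_spray = set(), set()

    for ts, result, user, src in parse(text):
        if result == "SUCCESS":
            # A login succeeding from a source that was just spraying is the
            # event that matters most: the spray may have found a valid password.
            if src in flagged_spray:
                alerts.append({"kind": "success_after_spray", "src": src, "user": user, "count": 1})
            continue

        # Sliding window per (user, src): brute force against a single account.
        q = pair_failures[(user, src)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= brute_threshold and (user, src) not in flagged_brute:
            flagged_brute.add((user, src))
            alerts.append({"kind": "brute_force", "src": src, "user": user, "count": len(q)})

        # Sliding window per src: many distinct accounts means password spraying,
        # which per-account lockout thresholds alone will not catch.
        s = src_failures[src]
        s.append((ts, user))
        while s and ts - s[0][0] > window:
            s.popleft()
        distinct_users = {u for _, u in s}
        if len(distinct_users) >= spray_threshold and src not in flagged_spray:
            flagged_spray.add(src)
            alerts.append({"kind": "password_spray", "src": src, "user": None, "count": len(distinct_users)})

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two windows are deliberately kept separate: per-account lockout counters catch the first pattern but are blind to the second, because a spray touches each account only once or twice and stays under every per-user threshold. The third alert is the one to route to a human first, since it indicates the spraying source may actually have gotten in.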