Social engineering attacks are widespread and frequent, and cost organisations thousands annually, according to new research from security firm Check Point Software Technologies.
A survey of 850 IT and security professionals located in the UK, Canada, USA, Germany, Australia and New Zealand found 48% had been victims of social engineering and had experienced 25 or more attacks in the past two years. Social engineering attacks cost victims an average of $25,000 - $100,000 (£18,500 - £74,500) per security incident, the report said.
"Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information," according to a statement from Check Point on the survey. "Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organisation."
Among those surveyed, 86% recognise social engineering as a growing concern, with the majority of respondents, 51%, citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge.
The most common attack vectors for social engineering attacks were phishing emails, which accounted for 47% of incidents, followed by social networking sites at 39%.
New employees are the most susceptible to social engineering, according to the report, followed by contractors (44%), executive assistants (38%), human resources (33%), business leaders (32%) and IT personnel (a worrying 23%). However, almost a third of organisations said they do not have a social engineering prevention and awareness programme in place. Among those polled, 34% do not have any employee training or security policies in place to prevent social engineering techniques, although 19% have plans to implement them, according to Check Point.