December 30, 2014
Cyber criminals will expand and shift their use of social engineering in 2015, targeting small and medium sized businesses, along with non-profit organizations, warns Terry Evans, president of Cybersecurity Biz, LLC, a Rochester, N.Y.-based consultancy.
According to Evans, 2015 will see a major increase in the use of social engineering related crime against all industries.
Social engineering is a low tech inexpensive method used by cyber criminals to gain information and access. According to Evans, it involves manipulating workers and others to voluntarily give up information or access.
“The weak link in every cybersecurity chain is the human factor,” he said. “Small to medium sized businesses along with non-profit organizations are prime targets primarily due to their failure to prepare.
“Larger companies have invested in cybersecurity solutions and understand the risks. Unfortunately, smaller sized operation and non-profits erroneously think they are immune, when in fact they are easy prey for cyber criminals.”
The most effective strategy to mitigate risks and defend against attacks is to provide all employees with social engineering awareness training in combination with writing, implementing, and enforcing effective policies and procedures, he added.
“Many companies squander their limited funds on solutions that they don’t need, don’t understand, or don’t even use! Failing to address the threat from social engineering is somewhat like buying a high tech security system and then propping the back door open with a chair.”
“It’s really about ROI and the bottom line,” said Evans. “If you are doing business with a company that isn’t addressing social engineering then you are at risk as well. If you want to attract customers and expand your business, you must take steps to ensure you aren’t exposing others to the threat of a cybersecurity breach.”
Cybersecurity Biz, LLC, is a business-focused cybersecurity consulting firm, providing a host of cybersecurity services nationally, including comprehensive social engineering awareness training.