We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,773 News Articles

Social engineering attacks costly for business

Social engineering attacks are widespread, frequent and cost organizations thousands of dollars annually according to new research from security firm Check Point Software Technologies.

A survey of 850 IT and security professionals located in the U.S., Canada, U.K., Germany, Australia and New Zealand found almost half, 48 percent, had been victims of social engineering and had experienced 25 or more attacks in the past two years. Social engineering attacks cost victims an average of $25,000 - $100,000 per security incident, the report states.

[Also see Social engineering: The basics]

"Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information," according to a statement from Check Point on the survey. "Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organization."

Among those surveyed, 86 percent recognize social engineering as a growing concern, with the majority of respondents, 51 percent, citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge.

The most common attack vectors for social engineering attacks were phishing emails, which accounted for 47 percent of incidents, followed by social networking sites at 39 percent.

[Also see 9 dirty tricks: Social engineer's favorite pick-up lines]

New employees are the most susceptible to social engineering, according to the report, followed by contractors (44 percent), executive assistants (38 percent), human resources (33 percent), business leaders (32 percent) and IT personnel (23 percent). However, almost a third of organizations said they do not have a social engineering prevention and awareness program in place. Among those polled, 34 percent do not have any employee training or security policies in place to prevent social engineering techniques, although 19 percent have plans to implement one, according to Check Point.


IDG UK Sites

Samsung Galaxy Alpha vs iPhone 5S comparison review: Metal smartphones fight

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Fonts review

IDG UK Sites

Best Mac? Complete Apple Mac buyers guide for 2014