We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,762 News Articles

Social engineering attacks costly for business

Social engineering attacks are widespread, frequent and cost organizations thousands of dollars annually according to new research from security firm Check Point Software Technologies.

A survey of 850 IT and security professionals located in the U.S., Canada, U.K., Germany, Australia and New Zealand found almost half, 48 percent, had been victims of social engineering and had experienced 25 or more attacks in the past two years. Social engineering attacks cost victims an average of $25,000 - $100,000 per security incident, the report states.

[Also see Social engineering: The basics]

"Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information," according to a statement from Check Point on the survey. "Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organization."

Among those surveyed, 86 percent recognize social engineering as a growing concern, with the majority of respondents, 51 percent, citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge.

The most common attack vectors for social engineering attacks were phishing emails, which accounted for 47 percent of incidents, followed by social networking sites at 39 percent.

[Also see 9 dirty tricks: Social engineer's favorite pick-up lines]

New employees are the most susceptible to social engineering, according to the report, followed by contractors (44 percent), executive assistants (38 percent), human resources (33 percent), business leaders (32 percent) and IT personnel (23 percent). However, almost a third of organizations said they do not have a social engineering prevention and awareness program in place. Among those polled, 34 percent do not have any employee training or security policies in place to prevent social engineering techniques, although 19 percent have plans to implement one, according to Check Point.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made