Password weaknesses can be exploited. Today, users are susceptible to social engineering because they access more web-based systems. With the increased adoption of cloud computing, users are logging into more internet-based systems. How can your company reduce risk to social engineering? The FFIEC states, “Controls against these attacks [social engineering] involve strong identification policies and employee training.”
The Federal Financial Institution Examination Council (FFIEC), which is a governing body that provides guidance to banking agencies, states, “All authentication methodologies display weaknesses. Those weaknesses are of both a technical and a nontechnical nature. Many of the weaknesses are common to all mechanisms. Examples of common weaknesses include warehouse attacks, social engineering, client attacks, replay attacks, man-in-the-middle attacks, and hijacking.” (FFIEC Information Security Booklet)
With the rise of adoption of cloud computing, users are increasingly more susceptible to social engineering due to the increase in web-based applications that they log into. How to can your company reduce risk to social engineering? The FFIEC states, “Controls against these attacks [social engineering] involve strong identification policies and employee training.” PhishingBox allows you to test employees susceptibility to social engineering. This testing also acts as training as it helps employees understand some of the various attack scenarios used by social engineers.
Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.