News / Blog
« Return to News

Social Engineering Attack Prevention and Mitigation

When Microsoft security experts offer advice, organizations should listen, particularly with regards to social engineering attacks. Microsoft has provided insight into social engineering attack prevention and mitigation.

Social engineering attacks are becoming increasingly sophisticated, and as a result, far more difficult to control since the attackers generally prey on the human element rather than technology.

According to Microsoft’s Security Intelligence Report, social engineering attacks can only be managed through a holistic approach that optimizes software, people, and the organization itself.

For example, organizations should be strategic in terms of allocating powerful user accounts (eg “the attack surface.”) These accounts allow access to highly-sensitive information and as such, are considered high-risk. These accounts must be limited in their quantity, and secured through a proportionately high degree of controls.

Similarly, IT should examine other “soft spots” across the environment, be it technology, process, or policy. Organizations should also create a social engineering incident response team to quickly mitigate damage should a breach take place.

Lastly, companies should train and test their employees for social engineering attacks. Phishing simulation attacks are a cost-effective method for such testing.

Posted by PhishingBox on 03/26/2013
Read More Phishing Facts | Take a Free Phishing Test
View our Security Awareness Training for Employees

Protect Your Employees!

Try our Phishing Simulation Software

Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.


Phishing Alerts

Learn about recent security breaches that involve phishing and receive security tips and tricks to protect your business.

* indicates required