What You Don’t Know Really Can Hurt You

Social engineers wait for naïve, untrained staff to fall into their traps.

September 12, 2011

Two alarming findings

The 2011 Verizon Data Breach Investigations Report not only provides extensive details on data breaches but also offers compelling evidence that a comprehensive security awareness program is essential to protecting institutions from opportunistic social engineers.

The report claims that of all the breaches stemming from social engineering methods documented in the study, 83% were “opportunistic attacks” on institutions that exhibited a weakness or vulnerability the attacker could exploit.

The report indicates that most of these attacks originated in the form of classic social engineering tactics, including pretexting, counterfeiting/forgery, phishing, hoaxes, and “trusted authority” influence tactics.

Like the police officer in the anecdote, social engineers simply wait patiently for naïve, untrained employees to come along and fall into their traps.

The two most alarming conclusions, which should influence an organization’s attitudes toward security awareness training, are:

  • Frontline employees/end users were the targets of 80% of these attacks; and
  • 78% of the attacks involved in-person contact.

In light of these results, it’s no wonder that many independent studies show that nearly two-thirds of the organizations that suffer breaches rank security awareness training as their top priority for post-breach remediation.

The same studies consistently indicate that more than 75% of these organizations claim employee education is the most effective way to prevent fraud.

These facts should be enough justification for most organizations to either implement an intensive security awareness training program or at least rethink their current approach.

For those still not convinced, consider that the costs related to data breaches involving social engineering are estimated to be around $315 per record. That’s $100 more than the estimated per-record costs for incidents resulting from other causes.

What your employees don’t know can hurt the entire organization. The good news is that security awareness training is not only a proven method of combating social engineering and fraud but also a relatively inexpensive endeavor.

It’s certainly less expensive than an actual security breach.

DAVID BLAZIER is marketing manager for TraceSecurity, a CUNA Strategic Services alliance provider. Contact him at 225-612-2121, ext. 31062.
