Cyber risk: Social engineering challenges companies


Social engineering is a major security risk. Cybercriminals steal credentials from individuals via mobile phishing attacks and infiltrate company infrastructure. Using personal mobile devices for work creates a major gap in security visibility.

Security teams in companies currently face various challenges in threat monitoring. Sascha Spangenberg, Global MSSP Solutions Architect at Lookout, explains the recent changes in attacker behavior: In the past, attackers attempted to gain access to the infrastructure directly through vulnerabilities or brute-force methods. While these attacks are still possible, the risk of being discovered before the attacker can penetrate the infrastructure is high.

Attacking individuals to steal credentials

Now attackers are targeting individuals who likely have access to large amounts of valuable cloud data. The attackers' goal is to steal these users' credentials via mobile phishing attacks in order to discreetly penetrate the company's infrastructure under the guise of a legitimate user.

This creates massive problems in threat monitoring because if an attacker uses stolen credentials, the threat appears to be coming from within. The modern attack chain means companies must change their tactics. Not only do you need to be able to protect against mobile phishing attacks on managed and unmanaged devices, but you also need to be able to detect anomalous data interactions by internal users.

Effective threat monitoring strategy

Today, there is a need for an effective threat monitoring strategy that can evolve with attackers' changing behaviors and tactics. As the modern attack chain has evolved, detecting anomalous behavior from known users is critical. If this activity can be detected, it could be an indication that this user's account has been compromised.

There are a number of ways to detect anomalous behavior, from where the user logs in to the applications or data they access.

Employees today expect to be able to access data anywhere and from any device, whether via their personal smartphone or a company-owned notebook. Therefore, organizations cannot rely on policies that simply block access based on certain parameters. Threat detection and data access rules must be adaptive and take contextual factors into account to identify potentially at-risk users, devices, and actions that could put data at risk.
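An added illustration of the adaptive, context-based approach described above (not from the article or from Lookout): a per-user baseline of login country, application and data volume, with graduated responses instead of a hard block. The event fields, the volume threshold and the decision names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (user, country, app, device_managed, records_read)
HISTORY = [
    ("alice", "DE", "crm", True, 40),
    ("alice", "DE", "crm", True, 55),
    ("alice", "DE", "hr-portal", True, 10),
    ("alice", "AT", "crm", False, 30),   # personal phone, already part of normal use
    ("bob", "DE", "finance", True, 200),
    ("bob", "DE", "finance", True, 180),
]

def build_baselines(history):
    """Per-user profile: countries and apps seen, and the largest read volume."""
    base = defaultdict(lambda: {"countries": set(), "apps": set(), "max_records": 0})
    for user, country, app, _managed, records in history:
        profile = base[user]
        profile["countries"].add(country)
        profile["apps"].add(app)
        profile["max_records"] = max(profile["max_records"], records)
    return base

def assess(event, baselines, volume_factor=3):
    """Return (decision, reasons) for one access event (hypothetical policy)."""
    user, country, app, managed, records = event
    profile = baselines.get(user)
    if profile is None:
        return "step_up", ["no baseline for user"]
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new login country")
    if app not in profile["apps"]:
        reasons.append("application not used before")
    if records > volume_factor * profile["max_records"]:
        reasons.append("data volume far above baseline")
    # An unmanaged device alone is normal when personal devices are allowed;
    # it only escalates the response when it coincides with another anomaly.
    if reasons and not managed:
        reasons.append("unmanaged device")
    # 0 signals: allow; 1: ask for re-authentication; 2 or more: limit access.
    decision = ("allow", "step_up", "restrict")[min(len(reasons), 2)]
    return decision, reasons

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("alice", "AT", "crm", False, 35), ("alice", "BR", "crm", False, 50)]:
        print(ev, assess(ev, baselines))
```
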

Social engineering causes the most problems

Various types of social engineering attacks are currently causing the most problems for security teams and therefore companies. The most critical are social engineering attacks that occur through mobile applications and platforms. Many companies allow employees to use personal mobile devices for work, creating a major gap in security visibility.

Attackers identify people likely to have access to sensitive infrastructure and then conduct social engineering through channels outside the purview of the company's security team. This can be done through a platform like LinkedIn, through social media applications, or simply by text message. Using a mobile device for social engineering allows attackers to bypass company security measures, such as email filters, by targeting personal messaging accounts, while reducing the likelihood that the user recognizes the phishing message.

Companies can take precautions to prevent attackers from using social engineering to break into their networks. It is crucial that companies build a culture of cybersecurity in all departments - beyond the IT department and the already sensitized security team. Training is an important part of this. By understanding that a modern attack can look like a well-organized social engineering campaign, companies can protect their employees from attackers.

Raising employee awareness is crucial

It's critical to communicate to employees the value of their credentials in the context of modern attacks. Sensitive data exists in all areas of the company: HR has access to a wealth of personal employee data, product management constantly logs into cloud applications that store sensitive intellectual property, and finance teams have access to company-wide performance data. A company cannot afford for any of this data to be compromised.

Companies across all industries must adopt a data-centric approach to security. This not only means protecting the data itself, but also being aware of all the ways attackers can exploit internal employees without their knowledge to gain access to sensitive applications and data in the first place.

About Lookout

Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.

