Your security awareness program needs to be expanded and updated on a consistent basis to keep the materials fresh and to educate users about the latest threats. One topic to consider for your next presentation or training material is the increased frequency of “vishing”, or voice phishing, attempts.
This is not a new scam per se, but most of your users have most likely received calls from “Microsoft Technical Support Representatives” who try to get people to install malicious software or request credit card information so they can bill for false services. In fact, in a study conducted by Microsoft, 22% of people who were called by phony support technicians fell for the scam.
At the recent Defcon conference, contestants in a social-engineering capture-the-flag contest obtained information about a target store, such as its janitorial contractor and hours of breaks, and even got the store manager to log on to an external website to fill out a survey about an upcoming visit.
We at NCI have also recently been made aware of a scam in which cybercriminals call people, claim to be responding on behalf of NCI, tell them that they have had a cyber-security breach, and ask them to provide sensitive information in order to protect themselves.
Social engineering is one of the greatest risks to businesses today and the only defense is constant education and awareness programs.
Please contact NCI to schedule a free 1-hr executive education session delivered by our CIO, Eugene Ng, to help you raise awareness throughout your organization.