How To Protect The SOC From Social Engineering Attacks
Cyberattacks have grown rapidly in both number and sophistication over the last few years. The coronavirus pandemic pushed a large share of the workforce into working from home, and that shift was followed by a massive increase in cyberattacks. No one is immune: organizations of all types and sizes continue to fall victim despite the security solutions they have installed. The new threat landscape has forced organizations to invest in cyber defense, and having a SOC capability has become an essential countermeasure for responding to current and emerging threats.
A security operations center (SOC) is the team responsible for continually monitoring and evaluating the security defenses of an organization, in addition to defending against data breaches and suggesting countermeasures to mitigate current and future cyber threats. A SOC can be either in-house or outsourced to a managed security service provider (MSSP).
In this article, I will discuss how to protect SOC team members from social engineering attacks. Like APT groups, sophisticated cybercriminals gather as much information as possible about their target before executing the actual attack. Suppose adversaries succeed in convincing a key SOC member to hand over enterprise credentials through social engineering tricks. In that case, a hole opens in the target organization’s defenses, allowing the attackers to get past its security solutions and possibly leading to a data breach.
Social Engineering Attack Prevention Strategies
Social engineering (SE) attacks, especially phishing emails, remain the top threat facing organizations. According to securityboulevard, 95% of all attacks targeting enterprise networks are caused by spear phishing, and 30% of phishing emails are opened by the targeted users, while 12% of these users click on a malicious URL within the email body.
The following are several useful cybersecurity tips for protecting organizations against SE attacks:
- Avoid publishing sensitive information online that can be used against SOC team members. Open Source Intelligence (OSINT) techniques can be used to discover sensitive information published online about any entity, whether an individual or a corporation. Once such information is found, the organization can remove it before threat actors exploit it. Visit www.OSINT.link for a catalogue of online services and search engines that can be used to gather OSINT from various online sources.
- Employee cybersecurity training remains the best defense against SE attacks. Humans are considered the weakest link in the digital chain, and exploiting their tendency to trust remains the most effective method cybercriminals use to enter a target enterprise network. For instance, even with security solutions such as antimalware and intrusion detection/prevention software in place, an unaware employee who clicks a malicious link within an email can compromise the entire enterprise IT environment.
- Employees should carefully check the sender’s address of each email message to spot any attempt to hide behind a legitimate entity. For example, phishers may send from a lookalike domain such as @gooogle.com instead of the original domain (Google.com) so that the message appears to originate from Google and the recipient is tricked into trusting the sender.
- Use email encryption when sending/receiving emails to protect sensitive data such as personal information, technical information about organization security defenses, and internal communications. Encryption also ensures data transmitted via email is not modified during transit.
- The operating systems of all SOC team members’ computing devices, together with their installed security solutions (e.g., antivirus and antimalware) and all other installed applications, should be kept current (up-to-date). This prevents threat actors from exploiting unpatched vulnerabilities in the OS and applications to gain unauthorized access.
- Use a safe DNS service to protect against malware and other malicious web attacks. For example, a safe DNS service blocks the connection when a user tries to visit a known phishing website. Examples of secure DNS services include Comodo Secure DNS and Dyn Internet Guide.
- Use Sender Policy Framework (SPF). SPF is an email authentication technique that lets receiving mail servers detect messages that claim to come from your domain but were sent from servers you did not authorize. Other related protocols include DKIM and DMARC.
- Deploy an anti-spam solution. An anti-spam solution helps an organization keep spam and other malicious emails out of employees’ inboxes. The most popular anti-spam software includes the following:
- Implement different technological cyber defenses such as firewalls, antivirus, patch management, and access management policies.
- Do not download files from senders you do not know; if you receive an email containing an attachment, check the sender’s email address carefully before downloading the attachment to your computer.
- Do not send confidential information over email or social media messages. If sensitive files or information must be transferred via email, encrypt them first.
Social engineering attacks have spiked, especially during the ongoing COVID-19 pandemic. For this reason, all SOC team members need to follow the precautionary measures described in this article to keep their organization safe.
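The sender checks from the list above (spotting a lookalike domain such as gooogle.com, and reading the SPF/DKIM/DMARC verdicts that the mail gateway records) can be automated for SOC triage. The following is an added example, not code from the original article; it assumes a SOC-maintained allowlist of trusted domains and a gateway that stamps an Authentication-Results header (RFC 8601). The Levenshtein distance generalizes the single gooogle.com case to any one- or two-character typo-squat.

```python
"""Added example (not from the article): flag lookalike sender domains and failed SPF/DKIM/DMARC."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: an allowlist of domains the SOC expects mail from.
TRUSTED_DOMAINS = {"google.com", "example-corp.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain this sender domain imitates, else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # Distance 1-2 catches gooogle.com / goggle.com style substitutions.
        if edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts from an Authentication-Results header (RFC 8601)."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))


def triage(raw):
    """Return the sender domain, the trusted domain it imitates, and non-passing checks."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = auth_results(msg)
    return {"domain": domain, "lookalike_of": lookalike_of(domain),
            "auth_failed": [k for k, v in verdicts.items() if v != "pass"]}


# Constructed sample: a phish imitating Google that the gateway marked spf=fail / dmarc=fail.
SAMPLE = """From: "Google Security" <alerts@gooogle.com>
Authentication-Results: mx.example-corp.com; spf=fail; dkim=none; dmarc=fail
Subject: Verify your account
"""
```

Running `triage(SAMPLE)` reports the domain `gooogle.com` as a lookalike of `google.com` with all three authentication checks non-passing, which is the combination an analyst should treat as a phishing attempt.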