Monday, 18 May 2020 23:27

Social Engineering: A cause of concern for Australian Businesses

Mark Padginton, Key Account Manager, JAMF

GUEST OPINION By Mark Padginton, Key Account Manager JAMF: Most Australian businesses have deployed tools and services to improve their IT security, yet many remain vulnerable due to one key factor: human beings.

Social engineering has become the conduit of choice for cybercriminals as they work to penetrate networks to cause disruption and financial loss. Unfortunately, it’s a conduit that can be difficult to close.

According to a recent report from the Office of the Australian Information Commissioner*, malicious or criminal attacks (including cyber incidents) accounted for 64% of all data breaches while phishing attacks caused at least 15% of the data breaches reported to its office. Human error is also noted as a critical factor and caused 32% of reported incidents.

Different techniques

Social engineering is used by cybercriminals in a range of different ways. Some use social networking platforms to harvest personal details about individuals and then use that information to craft emails and text messages that appear to be authentic.

For example, a recipient might receive an email that seems to have come from their company’s HR department asking them to confirm personal details. Alternatively, a text message might be received that has apparently been sent by the individual’s bank. It could ask them to enter credit card or bank account details which are then stolen and misused.

Other techniques involve using physical items such as USB storage keys. A staff member could be sent a key that appears to have come from a reputable source and contain important business data. However, once that key is inserted into a corporate PC, the malware contained on it quickly spreads into the organisation’s IT infrastructure.

Create a human firewall

Clearly, human beings are on the front line when it comes to social engineering attacks, yet this doesn’t mean there’s nothing that can be done to improve security. Increasing numbers of organisations are building what’s termed ‘human firewalls’ designed to reduce incidents and prevent malicious attacks.

Human firewalls are groups of employees who are committed to following best-practice steps when it comes to cybersecurity. The bigger the group gets within an organisation, the stronger the firewall becomes.


Creating an effective human firewall to help overcome the challenges of social engineering requires a few important steps. They are:

  • Explain the reasons: Begin by explaining to all staff why the strategy is being followed and how important it is for overall IT security. Some may already be very vigilant and aware of potential social engineering techniques, but many may not. Hold an organisation-wide session to kick things off.
  • Keep it simple: Corporate cybersecurity strategies can be complex beasts. Rather than trying to inform everyone about everything, start with some simple, practical steps that everyone can immediately follow. These may include not clicking on suspicious attachments or inserting unknown USB drives into PCs. Staff should also be encouraged to report any unusual communications or requests to their internal security team for review.
  • Continue the education: Creating a human firewall is not a one-off activity. Staff should be regularly encouraged to remain vigilant and informed of any new threats that might be identified.
  • Explain the software you’re using to protect devices: With a strong mobile device management (MDM) partner, organisations can protect company and user data without impacting the end user experience. Explain to employees what the software does and doesn’t look for, and what IT is able to access on their device if they find it is infected.
  • Recognise contributions: When staff identify things such as attempted phishing attacks, ensure their efforts are recognised. This will make it more likely that others will take the challenge seriously.
  • Don’t forget contractors: Many organisations have contractors who join teams for extended periods. Ensure they are included in the human firewall push and understand their role in keeping IT resources secure.

By following these steps, Australian organisations can help to reduce incidents of social engineering that lead to cyberattacks. Staff can become a strong protective layer that will prevent cybercriminals from gaining access and causing problems.

Humans will always make mistakes, but well-informed and motivated humans can actually become a valuable part of an organisation’s overall security strategy.
