[September 26, 2011] Check Point Releases Social Engineering Victim Survey Tweet Sep 26, 2011 (Close-Up Media via COMTEX) -- Check Point Software Technologies announced the results of a new report revealing 48 percent of enterprises surveyed have been victims of social engineering. "The survey results show that nearly half of enterprises surveyed know they have experienced social engineering attacks. Knowing that many of these attacks go unnoticed, suggests that this is a very wide and dangerous attack vector that must not be ignored," said Oded Gonda, vice president of network security products at Check Point Software Technologies, in a release. The report, The Risk of Social Engineering on Information Security, shows phishing and social networking tools as the most common sources of socially-engineering threats -- encouraging businesses to implement a combination of technology and user awareness to minimize the frequency and cost of attacks. Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information. Hackers leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organization. According to the global survey of over 850 IT and security professionals, 86 percent of businesses recognize social engineering as a growing concern, with 51 percent citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge. While social engineering techniques rely on taking advantage of a person's vulnerability, the prevalence of Web 2.0 and mobile computing has also made it easier to obtain information about individuals and has created new entry points to execute socially-engineered attacks. New employees (60 percent) and contractors (44 percent) who may be less familiar with corporate security policies were considered to be the most susceptible to social engineering techniques, in addition to contractors, assistants, human resources and IT personnel. "People are a critical part of the security process as they can be misled by criminals and make mistakes that lead to malware infections or unintentional data loss. Many organizations do not pay enough attention to the involvement of users, when, in fact, employees should be the first line of defense," said Gonda. "A good way to raise security awareness among users is to involve them in the security process and empower them to prevent and remediate security incidents in real time." To achieve the level of protection needed in modern day IT environments, security needs to grow from a collection of disparate technologies to an effective business process. Check Point 3D Security helps companies implement a blueprint for security that goes beyond technology and can educate employees by involving them in the process. "Just as employees can make mistakes and cause breaches or threats within the organization, they can also play a large role in mitigating risks," said Gonda. With Check Point's UserCheck technology, businesses can alert and educate employees about corporate policies when accessing the corporate network, data and applications -- helping companies minimize the frequency, risk and costs associated with social engineering techniques. Key Findings from the Report: _The Threat of Social Engineering is Real -- 86 percent of IT and security professional are aware or highly aware of the risks associated with social engineering. Approximately 48 percent of enterprises surveyed admitted they have been victims of social engineering more than 25 times in the last two years. _Social Engineering Attacks Are Costly -- Survey participants estimated each security incident costing anywhere from $25,000 to over $100,000, including costs associated with business disruptions, customer outlays, revenue loss and brand damage. _Most Common Sources of Social Engineering -- Phishing emails were ranked the most common source of social engineering techniques (47 percent), followed by social networking sites that can expose personal and professional information (39 percent) and insecure mobile devices (12 percent). _Financial Gains are the Primary Motivation of Social Engineering -- Financial gain was cited as the most frequent reason for social engineered attacks, followed by access to proprietary information (46 percent), competitive advantage (40 percent) and revenge (14 percent). _New Employees are Most Susceptible to Social Engineering Techniques -- Survey participants believe new employees are at high risk to social engineering risks, followed by contractors (44 percent), executive assistants (38 percent), human resources (33 percent), business leaders (32 percent) and IT personnel (23 percent). Regardless of an employee's role within an organization, implementing proper training and user awareness is a critical component of any security policy. _Lack of Proactive Training to Prevent Social Engineering Attacks -- 34 percent of businesses do not have any employee training or security policies in place to prevent social engineering techniques, although 19 percent have plans to. "Security is not just a problem for IT administrators; it must be part of every professional's role. As the industry faces a rise in sophisticated and targeted threats, user involvement makes security technology smarter and more effective," said Gonda. Check Point Software Technologies provides protection against threats. Report information: checkpoint.com/surveys/socialeng1509/socialeng.htm. ((Comments on this story may be sent to [email protected])) [ Back To TMCnet.com's Homepage ]