How Can I Minimize The Impact of Physical Social Engineering Attacks?
A social engineering test should result in a list of actionable items that reduce the likelihood of successful cyberattacks. These steps often begin with basic improvements and progress to more advanced, customized solutions over time.
Multi-factor authentication (MFA) is a common way for organizations with immature security programs to improve their protection against cybercriminals. This approach requires an individual to provide multiple login credentials, or factors, before they can access a restricted area. Factors can include knowledge, possession, or inherent property. Knowledge is something only the user knows (like a password), a possession is something only the user has (like a phone or token-generating device), and an inherent property is something only the user is (like a fingerprint).
The intense focus that many organizations currently have on protection against malware attacks is certainly justified, but it often causes them to overlook physical security. A follow-up engagement will allow the social engineer to check improvements in security and training.