Cyber threat actors and their techniques have evolved, but most attacks still contain elements of social engineering. Without complex tools, software or extensive knowledge about the security platform, social engineering is an effective, non-technical strategy used by cyber criminals. It relies primarily on human interaction to gain trust and manipulates people into breaking standard security practices.
Common social engineering techniques used to target users include phishing and pretexting.
This is one of the topics highlighted in the report: Advancing Cyber Risk Management: From Security to Resilience, a new report from Marsh & McLennan Insights developed in partnership with Mandiant, a FireEye company.
This report highlights three strategic imperatives to strengthen cyber resilience:
- Understand (know your threats) – Identifying organization- and industry-specific cyber threats and regulations calls for robust strategies that include cross-disciplinary considerations.
- Measure (know yourself) – Quantify the potential financial impact of cyber exposures to compare against the level of risk appetite acceptable to the board. This will determine the amount of investment necessary to mitigate and transfer any residual risk.
- Manage (know what you can do) – Control and mitigate cyber risks by having clear action plans based on your capabilities and capacities to protect against cyber criminals.