Cyber Risk Consultancy

From Feb 2020, Cybersigna will suspense face to face consultancy and position as an online community to share with partners best practices and approach to cyber business risk management. More interactive and self-service component will be incorporated to the portal later in the year.

These digital services will help to provide Audit and Review and evaluation of an organisation’s cybersecurity posture. The self-service is design to provide public and private organisations with an audit of their compliance readiness to manage cyber risk and Cost of Investment (COI).

Cyber Forensics – Social Engineering (SE)

As part of our realignment, we will no longer be offering Social Engineering Cyber Forensics services.

Company looking for open source tools can consider using Kali Linux. Kali Linux Revealed ebook can be download free here or you can purchase a physical copy in Amazon.

More about SE

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. They are also used to create misinformation.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.

What makes social engineering especially dangerous is that it relies on human error, rather than vulnerabilities in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.

Social Engineering Prevention

Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps. Therefore, be wary whenever you feel alarmed by an email, attracted to an offer displayed on a website, or when you come across stray digital media lying about the fact. Being alert can help you protect yourself against most social engineering attacks taking place in the digital realm.

Moreover, the following tips can help improve your vigilance concerning social engineering hacks.

Don’t open emails and attachments from suspicious sources – If you don’t know the sender in question, you don’t need to answer an email. Even if you do know them and are suspicious about their message, cross-check and confirm the news from other sources, such as via telephone or directly from a service provider’s site. Remember that email addresses are spoofed all of the time; even an email purportedly coming from a trusted source may have been initiated by an attacker.

Use multifactor authentication – One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise. 

Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as fact. Googling the topic can help you quickly determine whether you’re dealing with a legitimate offer or a trap.

Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged, or make it a habit to download the latest signatures first thing each day. Periodically check to make sure that the updates have been applied, and scan your system for possible infections.