Vegas Giants Lose Millions to Cybercriminals
MGM Resorts and Ceasars Entertainment announced that in early September they were affected by cyber-attacks. Viral videos showing empty casinos with error-screened slot machines show the catastrophic damages these organizations faced. But how can an entity of this caliber be vulnerable to cyberattacks of such magnitude? It can stem from various factors, but in this instance, social engineering tactics were used to gain access to systems. In this blog, we’ll discuss what social engineering is and how to defend against such attacks so that your business doesn’t fall into a similar situation.
What Is Social Engineering?
Typically, in early stages of cyber-attacks, social engineering methods are utilized to manipulate the employees of a business so additional attacks can follow. When a cybercriminal can convince an employee to take some type of action like downloading a malicious program or providing sensitive information, defenses that are in place may be rendered less effective. Social engineers are experts at making their targets believe them. They spend time learning about who they are speaking with, whether it is via public information or other sources, so they can make their malicious activity seem legitimate. While typical cyber-attacks occur via a phishing link or ransomware; social engineering occurs often in unexpected ways like a phone call or social media. There have even been instances where an internal tool for an organization was compromised and then used for social engineering attacks.
Defending Against Social Engineering Attacks
Even with established technical solutions, social engineering attacks still can occur. Cybercriminals may initiate conversations via phone, email, social media, or as previously mentioned, even internal company tools. Company information that is posted online can also assist them in their endeavors. Some ways to combat these attacks include limiting the information you have online and taking extra measures to ensure requests are legitimate prior to acting. If there is less information for attackers to discover about a company or its people, the less likely it is for them to use that information for malicious reasons. Additionally, if you put in extra effort to verify with the proper individuals about a particular request, there is an extra layer of security to potentially avoid something detrimental happening to the business.
It’s obligatory that an organization makes sure their information, systems, and people are protected. Pittsburgh Computer Solutions provides organizations with 24/7/365 monitoring, in addition to specially tailored solutions to improve security posture. Contact us today at (724)942-1337 to find out how we can assist your business to prevent such attacks from occurring.