Shielding Your Business from Devastating Social Engineering Intrusions

Published: March 24, 2024

In today’s digital age, cyber threats are ever-present and constantly evolving. One particularly insidious tactic that cybercriminals use is social engineering, where they manipulate individuals into divulging sensitive information or granting access to secure systems. Healthcare organizations, in particular, have become prime targets for these types of attacks. According to a recent study by IBM, social engineering attacks have seen a staggering 50% increase in the healthcare sector over the past year alone. This alarming statistic underscores the urgent need for organizations to bolster their cybersecurity defenses and protect against these sophisticated threats.

Alarming Increase in Social Engineering Attacks

The Health Sector Cybersecurity Coordination Centre (HC3) recently issued an alert warning healthcare help desks about the dangers posed by advanced social engineers. These attackers use sophisticated techniques to bypass multi-factor authentication and gain access to corporate resources.

A Common Deception Tactic Explained

Consider this scenario: a threat actor calls the help desk, claiming to be from the finance team and stating that their phone is malfunctioning, preventing them from completing multi-factor authentication. They provide convincing verification, such as social security numbers and other personal information obtained through data breaches. The help desk, eager to assist, enrolls a new device in multi-factor authentication, unknowingly granting access to corporate resources.

Once inside, the social engineer targets login information related to payer sites and redirects fund transfers to their own accounts, resulting in financial loss and reputational damage for the organization.

Strategic Measures to Combat Social Engineering

1. Implement Call-back Verification 

Always verify requests for password resets or access changes by calling back to the requester’s phone number on record. Be cautious of excuses like being too busy to take a call.


2. Use Microsoft Authenticator with Number Matching

Utilize a system that sends a push notification (and random number) to the user’s device for verification. Ensure that all requests are initiated by the user.


3. Establish Conditional-Access Policies 

Block external entry into Microsoft Azure and Microsoft 365 accounts to prevent unauthorized access.


4. Educate Help Desk Personnel 

Train help desk employees to recognize social engineering tactics and adhere to strict verification procedures for password resets and access changes.

Our Commitment to Your Cybersecurity

At Accent Consulting, we understand the critical importance of cybersecurity in today’s digital landscape. With ransomware threats becoming increasingly sophisticated and difficult to detect, it’s imperative for businesses to remain vigilant. By staying informed, implementing robust security measures, and educating employees, organizations can effectively safeguard their valuable assets and data from cyber-attacks.

If you’re looking for expert guidance on enhancing your organization’s cybersecurity posture, contact us today. Our team of professionals can help you protect your business from evolving cyber threats and ensure that your systems remain secure.

Talk to a Cybersecurity Expert Today!

Recent Posts

Schedule a DISCOUNTED Cyber Security Risk Assessment

For a limited time, qualifying businesses can gain insight to their security risks for a discounted rate! We’ll provide a comprehensive cybersecurity assessment, complete with an analysis of vulnerabilities and backup & disaster recovery plan. This offer is good on a scan of up to 100 endpoints.

Learn More