Shielding Your Business from Devastating Social Engineering Intrusions

Published: March 24, 2024

In today’s digital age, cyber threats are ever-present and constantly evolving. One particularly insidious tactic that cybercriminals use is social engineering, where they manipulate individuals into divulging sensitive information or granting access to secure systems. Healthcare organizations, in particular, have become prime targets for these types of attacks. According to a recent study by IBM, social engineering attacks have seen a staggering 50% increase in the healthcare sector over the past year alone. This alarming statistic underscores the urgent need for organizations to bolster their cybersecurity defenses and protect against these sophisticated threats.

Alarming Increase in Social Engineering Attacks

The Health Sector Cybersecurity Coordination Centre (HC3) recently issued an alert warning healthcare help desks about the dangers posed by advanced social engineers. These attackers use sophisticated techniques to bypass multi-factor authentication and gain access to corporate resources.

A Common Deception Tactic Explained

Consider this scenario: a threat actor calls the help desk, claiming to be from the finance team and stating that their phone is malfunctioning, preventing them from completing multi-factor authentication. They provide convincing verification, such as social security numbers and other personal information obtained through data breaches. The help desk, eager to assist, enrolls a new device in multi-factor authentication, unknowingly granting access to corporate resources.

Once inside, the social engineer targets login information related to payer sites and redirects fund transfers to their own accounts, resulting in financial loss and reputational damage for the organization.

Strategic Measures to Combat Social Engineering

1. Implement Call-back Verification 

Always verify requests for password resets or access changes by calling back to the requester’s phone number on record. Be cautious of excuses like being too busy to take a call.

 

2. Use Microsoft Authenticator with Number Matching

Utilize a system that sends a push notification (and random number) to the user’s device for verification. Ensure that all requests are initiated by the user.

 

3. Establish Conditional-Access Policies 

Block external entry into Microsoft Azure and Microsoft 365 accounts to prevent unauthorized access.

 

4. Educate Help Desk Personnel 

Train help desk employees to recognize social engineering tactics and adhere to strict verification procedures for password resets and access changes.

Our Commitment to Your Cybersecurity

At Accent Consulting, we understand the critical importance of cybersecurity in today’s digital landscape. With ransomware threats becoming increasingly sophisticated and difficult to detect, it’s imperative for businesses to remain vigilant. By staying informed, implementing robust security measures, and educating employees, organizations can effectively safeguard their valuable assets and data from cyber-attacks.

If you’re looking for expert guidance on enhancing your organization’s cybersecurity posture, contact us today. Our team of professionals can help you protect your business from evolving cyber threats and ensure that your systems remain secure.

Talk to a Cybersecurity Expert Today!

Recent Posts

Schedule a DISCOUNTED Cyber Security Risk Assessment

For a limited time, qualifying businesses can gain insight to their security risks for a discounted rate! We’ll provide a comprehensive cybersecurity assessment, complete with an analysis of vulnerabilities and backup & disaster recovery plan. This offer is good on a scan of up to 100 endpoints.

Learn More
We started using Accent Consulting for our IT needs this past year. Their professionalism and attention to details are excellent! I would recommend this company to anyone!
Dr. Loretta TaylorEvans, Taylor & Finney Eye Care
Accent's extensive preparation and planning at every step of the process, along with their willingness and ability to adapt that plan as things unfolded, greatly exceeded my expectations. Their rapid response to support inquiries is remarkable. Every question of mine was answered, or at least acknowledged, within minutes, not hours. From the earliest stages of our migration, it was clear I was working with very knowledgeable and capable people. Accent knows what they're doing.
Jason PetersonScholar Corporation
We have had a fantastic experience with Accent—the leadership, support and staff. Everyone is so kind and helpful. In addition, all are very knowledgeable in their fields. We have worked with other IT companies that made many promises about support, technical experience and assistance with projects that rarely delivered on any of it. That has not been the case with Accent. We are very pleased!
Meredith JacobsFort Wayne Radiology
With Accent, one email or call is enough to remove the burden of IT problems. The reachability and responsiveness of the staff continues to exceed expectations and the employees actually care about helping their clients. Hire Accent, they’re excellent at meeting the needs of their clients with flexible service and most definitely worth the investment.
Jackson WertTrue North Strategic Advisors
These folks did a GREAT job setting up our dedicated fiber line! Very professional and efficient. Highly recommend this company for all your IT needs! We liked them so much we decided to give them all our business in the future.
Daniel LeensvaartSummers Plumbing, Heating & Cooling
Previous
Next