Security News > 2020 > March > Social engineering: Mind the identity verification gap
Beyond compromised credentials, attackers leverage personally identifiable information gathered on specific targets to launch social engineering attacks or reset the victim's account password to take over the account.
Social engineers armed with data can easily source the answers to knowledge-based questions, which are the primary form of user authentication during a password reset, to take over the account.
Massive amounts of data enable attackers to exploit areas of weakness: compromised credentials, weak user verification methods, and unsuspecting users.
A 2018 Ponemon Institute report uncovered that 58% of SMBs experienced a data breach in 2018, and that phishing/social engineering continues to be the number one attack they experience.
With passwords serving as the primary form of authentication, organizations need to start by setting a secure password policy that eliminates low-hanging fruit such as easily guessable passwords and leaked passwords.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/nbluDU1cdOA/