
How organisations in the Middle East can combat the social engineering siege

Imagine a sophisticated scam so seamless that it tricks a reputable company into losing nearly $60 million in days. This is precisely what happened to Chinese plane parts manufacturer FACC in a “CEO fraud scam.” Scammers impersonated high-level executives and manipulated employees into transferring funds.

In the aftermath, FACC grappled with the financial loss and became embroiled in legal battles, attempting to hold its CEO and finance chief accountable for their alleged inadequate internal security controls.

This dramatic incident underscores a critical truth: cybersecurity is no longer just an IT issue but a business imperative that demands attention at all levels of an organisation. Gartner forecasts that by 2024, CEOs could be personally liable for breaches, highlighting the escalating importance of robust cybersecurity measures.

Social engineering, manipulating individuals into divulging confidential information, presents a substantial risk in today’s data-driven world. During the pandemic, many found themselves more vulnerable to such attacks. Madeline Howard from cybersecurity firm Cygenta has highlighted the growing prominence of social engineering risks, underscoring the need for enhanced vigilance.

There is a global rise in social engineering scams. Here is what cybersecurity experts believe companies in the Middle East need to do:

Implementing advanced cybersecurity tools

Meriam El Ouazzani, Regional Director, Middle East, Turkey, and Africa, at SentinelOne, highlights the importance of leveraging advanced technologies. “Due to its growing digital infrastructure and economic significance, social engineering attacks increasingly target the Middle East. For example, the UAE experienced 3.4 million phishing attacks in Q2 of 2022, marking a 230 per cent increase from the previous year.”

To combat this trend, companies invest in advanced cybersecurity tools that use artificial intelligence and machine learning to detect and prevent social engineering attacks in real time. These tools help identify suspicious patterns and anomalies in communication and user behaviour, enhancing security. El Ouazzani emphasises, “By adopting these technologies, we can stay one step ahead of cybercriminals who continuously evolve their tactics.”

Building a culture of cybersecurity awareness

Ned Baltagi, Managing Director – META at SANS Institute, underscores the importance of cultivating a strong culture of cybersecurity awareness. “Many Middle Eastern companies have begun implementing comprehensive training programs to educate employees about social engineering tactics such as phishing and pretexting. These programs are crucial as they empower employees with the knowledge and tools to proactively recognise and respond to cyber threats.”

Baltagi further explains, “It’s not just about technology; it’s about creating a mindset where every employee understands their role in cybersecurity. This involves regular training, simulated phishing exercises, and fostering an environment where employees feel comfortable reporting suspicious activities.”

By training staff to recognise and respond effectively to social engineering tactics, companies can create a robust human firewall against attacks. This proactive approach is essential in mitigating the risks associated with social engineering.

Adopting a multi-layered approach

Ram Vaidyanathan, Chief IT Security Evangelist at ManageEngine, outlines a multi-layered approach companies in the MENA region are adopting to tackle social engineering attacks. “First, companies are using next-gen SIEM solutions to monitor their networks. An effective SIEM solution alerts security personnel whenever an anomaly takes place. Each anomaly, taken in context, could indicate a social engineering attack.”

Vaidyanathan also stresses the importance of regular employee training sessions. “Many companies conduct regular training sessions to educate employees about different forms of social engineering attacks, such as phishing. These sessions should include examples of real-world scenarios and best practices for identifying and responding to suspicious requests.”

Additionally, Vaidyanathan points out the necessity of multi-factor authentication (MFA) and strong identity and access management (IAM) policies. “MFA and IAM policies ensure that only authenticated and authorised users have access to sensitive information, significantly reducing the risk of successful social engineering attacks.”

The role of AI in social engineering attacks

The evolution of technology, particularly artificial intelligence (AI), has added new dimensions to social engineering. A notable example is the Okta hack, where attackers gained access through social engineering, compromising an employee’s laptop. This breach escalated, affecting multiple companies. As the incident illustrates, AI and deepfake technologies are increasingly used to mask identities, making it easier for attackers to deceive victims.

Mayuresh Dani, Security Research Manager for the Qualys Threat Research Unit (TRU), elaborates, “With AI and deepfake technology, it has become easier for people to mask their identity and launch these attacks on a much larger scale.”

Dani also highlights the increasing sophistication of social engineering attacks, stating, “There are cases where attackers have used deepfake videos to impersonate executives and trick employees into transferring millions of dollars. The use of AI in these scams makes it harder for individuals to discern authenticity.”

This development underscores the urgency for organisations to stay vigilant and adopt advanced security measures to counteract these sophisticated threats.

Emphasising proactive cyber practices

Bernard Montel, EMEA Technical Director and Security Strategist, emphasises the need for proactive cyber practices. “Regarding cyberattacks, including social engineering hacks, we know that threat actors’ attack methodology is neither advanced nor unique. Attackers see many ways in and multiple paths through environments to do damage and monetise their nefarious efforts.”

Montel explains that social engineering attacks often trick someone into divulging information or performing an action that benefits the attacker. “With social engineering, threat actors will focus on ‘tricking’ someone to divulge information or do something that gives the attacker an advantage. That could be disclosing user credentials, downloading a malicious program, or granting access that provides a toe-hold into the network.”

He adds, “Security teams need to be able to map every cloud asset, identity, and risk to identify toxic combinations and attack paths that pose the greatest threat to the business. Protecting everything is soul-destroying, given that it’s practically impossible. By focusing resources on what poses the greatest risk and understanding how attackers chain multiple flaws, security teams can design more complete strategies that expose where they’re most at risk and close the priority gaps to protect against attacks.”

Responding swiftly to incidents

Roman Flepp, Marketing Director and Member of the Board at Threema, discusses the impact of social engineering on organisations and the necessary responses. “Humans are the weakest link in the security chain of organisations, and social engineering exploits human error to gain private information or access to IT systems.”

Flepp advises organisations to react swiftly to such incidents by isolating affected systems to prevent further damage. “Organisations should be able to rely on established protocols that ensure employees report incidents immediately to a designated security team. Once an incident is identified, it must be investigated and accurately assessed.”

Flepp continues, “Notification is a crucial step. Apart from regulatory bodies, stakeholders, employees, customers, and partners must be informed with details about the damage and the steps that are being taken to mitigate it. Finally, the identified security gaps should, of course, be closed as quickly as possible. The recovery phase also includes resetting passwords, enhancing security protocols, and providing additional employee training.”

Enhancing employee training and vigilance

Flepp also emphasises the importance of ongoing and comprehensive employee training. “Regular training sessions are far more effective than one-time events and allow for the inclusion of the latest social engineering techniques and trends. Up-to-date, real-world examples help employees recognise and respond to potential threats.”

In addition to training, companies are implementing robust authentication protocols, including multi-factor authentication (MFA), to add an extra layer of security. Access controls and privilege management ensure that employees have only the minimum necessary access to systems and data required for their roles, reducing the risk of successful social engineering attacks.

Collaborative efforts and information sharing

Companies in the Middle East are also prioritising collaboration and information sharing among themselves, government agencies, and cybersecurity experts. By sharing threat intelligence and best practices, stakeholders can collectively strengthen the region’s cybersecurity defences and minimise the impact of social engineering attacks.

El Ouazzani notes, “The collaboration within the cybersecurity community in the region has been noteworthy. Events like the GISEC Global 2024 in Dubai have facilitated vital knowledge-sharing and collaboration platforms. Here, cybersecurity leaders from various sectors convene to discuss best practices and innovative strategies to bolster cyber resilience across the region.”

The Middle East is making significant strides in combating social engineering attacks through advanced technological solutions, employee training, and proactive cybersecurity practices. By fostering a culture of cybersecurity awareness and collaborating within the cybersecurity community, companies in the region are better equipped to protect their digital assets and maintain robust defences against evolving cyber threats.

Commitment to continuous improvement and adaptation will be essential as cybersecurity threats evolve. The lessons learned and strategies implemented in the Middle East serve as a valuable blueprint for organisations worldwide, emphasising that a comprehensive and collaborative approach is crucial in the fight against social engineering and other cyber threats.