Kisco Systems

Kisco U

Defending against Social Engineering attacks

Social engineering is a low-tech cybersecurity attack in which a hacker impersonates someone in the organization, usually by calling the help desk to request a password change. Once this is done, the hacker has access to the system.

Here are some strategies to defend against this style of attack:

Enforce strong passwords

While not necessarily a defence against social engineering, strong password rules are fundamental to user account protection. And if you have automated password resets (see below), strong passwords will stop the hacker from guessing your old password and changing it themselves.

Real time monitoring for password changes

Password changes are logged in the IBM i security audit journal. Our iEventMonitor software watches the audit journal in real time. You can configure it to send alerts immediately when the password for a powerful user account changes.
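The query below is an added example, not part of iEventMonitor or any Kisco code: it reads the audit journal's CP (user profile change) entries through IBM's `QSYS2.DISPLAY_JOURNAL` table function and lists password changes made to powerful profiles by someone other than the profile's owner. It assumes security auditing is active so that CP entries are written to QSYS/QAUDJRN, and that the byte offsets used match the CP entry layout on your release; the 24-hour window and the choice of `*ALLOBJ`/`*SECADM` as "powerful" are also assumptions.

```sql
-- Added example: password changes on powerful profiles in the last 24 hours.
-- Assumption: offsets into ENTRY_DATA follow the CP entry layout
--   byte 1      entry type
--   bytes 2-11  user profile that was changed
--   bytes 30-32 command (e.g. CHG, CRT, RST)
--   byte 33     password changed ('Y')
-- Verify these against the audit journal layout for your release.
WITH cp AS (
  SELECT j.entry_timestamp,
         j.job_name,
         j."CURRENT_USER" AS changed_by,
         RTRIM(INTERPRET(SUBSTR(j.entry_data, 2, 10) AS CHAR(10))) AS target_profile,
         INTERPRET(SUBSTR(j.entry_data, 30, 3) AS CHAR(3)) AS command,
         INTERPRET(SUBSTR(j.entry_data, 33, 1) AS CHAR(1)) AS password_changed
    FROM TABLE(QSYS2.DISPLAY_JOURNAL(
           'QSYS', 'QAUDJRN',
           JOURNAL_ENTRY_TYPES => 'CP',
           STARTING_TIMESTAMP  => CURRENT TIMESTAMP - 24 HOURS)) AS j
)
SELECT cp.entry_timestamp,
       cp.target_profile,
       cp.changed_by,
       cp.command,
       cp.job_name,
       u.special_authorities
  FROM cp
  JOIN QSYS2.USER_INFO u
    ON u.authorization_name = cp.target_profile
 WHERE cp.password_changed = 'Y'
   -- "Powerful" is defined here as holding *ALLOBJ or *SECADM (assumption).
   AND (u.special_authorities LIKE '%*ALLOBJ%'
        OR u.special_authorities LIKE '%*SECADM%')
   -- A reset performed by another user, such as a help desk operator.
   AND cp.changed_by <> cp.target_profile
 ORDER BY cp.entry_timestamp DESC;
```

A scheduled query like this only reports after the fact; it complements real-time alerting rather than replacing it.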

Implement multi-factor authentication

Use i2Pass to instantly add password protection to any user profile. The targeted user will receive either a DUO notification or an authorization code in an email. Either way, the user will realize their profile is being compromised and, furthermore, the login process will be blocked.

Automate password management

Stop calling the help desk to change IBM i passwords! Our iResetMe product automates password management on IBM i. Users can change their own passwords using a self-service web portal. This will shut down the social engineering attack because the hacker will not be able to access the portal.