Social Engineering

Social Engineering news, analysis, how-to, opinion and video. | CIO

valentine hero
01 boring

fake lies pinocchio

What fake news means for IT—and how IT security can help fight it

The debate over fake news is roiling the political world, but elements of it look very familiar to tech veterans—and represent a potentially new attack vector that IT needs to worry about.

Graphic image of people running in rainbow lens

Hackers get around AI with flooding, poisoning and social engineering

Machine learning technologies can help companies spot suspicious user behaviors, malicious software, and fraudulent purchases -- but even as the defensive technologies are getting better, attackers are finding ways to get around them

windows server download update install

3 ways Windows Server 2016 is tackling security

Windows Server 2016 could be a generational shift in security on par with Bill Gates’ introduction of Trustworthy Computing in 2002.

red blue tools

Best tools for red and blue teams are methodology, experience

Since the tools vary based on environment, it's the skills and know-how that red/blue teams need most

00 intro

Not so startling revelations of how a hacker broke in

These 10 ways are becoming all too common approaches, but yet users still fall for them.

01 intro myth

Security myths that can make you laugh… or cry

To help organizations cut through the noise to focus on improving security structures, security experts identify industry myths and provide suggestions to avoid falling for them. 

candy strangers

5 social engineering scams employees still fall for

You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been...

6 social media

5 incredibly creative uses of social proof in marketing

Social proof promotes consumer confidence in an unbiased fashion, doing what traditional marketing and advertising can’t. Study these examples, including Mark Zuckerberg, Gogobot, the Colbert Bump, Netflix, and Pura Vida, to...

central station standing

Awareness training: How much is too much?

The goal of security awareness training is to help employees recognize and avoid security risks. The key, experts say, is to make them skeptical but not operate in a “constant state of distrust.”

classroom training

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training

security phishing hook

New tech can help catch spearphishing attacks

Highly-targeted spearphishing attacks slip past spam and anti-virus filters, but new approaches that look for more subtle patterns can help reduce the threat

Phishing trends

What is phishing success?

A recent article asking the question to security professionals seemed to miss the mark, and raises more questions than it answers.

Q&A

How well does social engineering work? One test returned 150%

A conversation with a white hat hacker

video

Social engineering tricks and why CEO fraud emails work

At the Black Hat conference in Las Vegas, CSO’s Steve Ragan talks with Stephanie Carruthers, owner of Snow Offensive Security, about why business email compromise (aka CEO fraud) works so well against companies. She also discusses...

ransomware locked computer stock image cropped

Report: Only 3 percent of U.S. companies pay attackers after ransomware infections

Almost half of all companies have been the victims of a ransomware attack during the past 12 months, but 97 percent of affected U.S. companies did not pay the ransom, according to a new report.

board of directors

Spearphishing attacks target boards

With great power comes great responsibility -- and also a great big target painted on your head. At least, that's the case lately with corporate boards of directors and cybercriminals launching spearphishing attacks

ransomware

93% of phishing emails are now ransomware

As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today

0 intro gamify

7 reasons to gamify your cybersecurity strategy

Thanks to gamification, organizations are finding new ways to educate employees on the importance of cybersecurity, through gaming elements like one-on-one competitions, rewards programs and more.

Load More