Social engineering attacks: What MSPs need to know
As we kick off Cybersecurity Awareness Month, we are highlighting one danger that managed service providers (MSPs) must constantly monitor: social engineering.
According to Verizon’s 2024 Data Breach Investigations Report:
Social engineering incidents have increased from the previous year largely due to Pretexting, commonly used in business email compromise (BEC), which almost doubled since last year. Compounding the frequency of these attacks, the median amount stolen from these attacks has also increased over the last couple of years to $50,000.
The use of pretexting by attackers (inventing a believable story to trick someone into disclosing information or taking an action) is increasing. According to the Verizon report, the most convincing social engineers get into your head: they gather information about you and your loved ones so that a message appears to come from someone you know, then use the invented scenario to play on your emotions and create a sense of urgency.
MSP strategies to combat social engineering
“MSPs can create custom phishing detection and employee training programs that are designed specifically for their clients’ environments,” explains Jon Morgan, CEO & Editor-in-Chief of business consulting service, VentureSmarter.com. “Instead of just relying on generic phishing simulations, MSPs can work with their Chief Information Security Officer (CISO) to develop targeted simulations based on the specific vulnerabilities and workflows of the organization.”
Using a client in the financial sector as an example, Morgan explains that simulations can mimic high-level fraudulent wire transfer requests. “These tailored training programs prepare staff members for attacks that are directly relevant to their specific roles,” he says.
Morgan adds that MSPs can provide actionable feedback by continuously assessing the simulation results, while CISOs audit the effectiveness of these strategies and recommend adjustments.
“MSPs should also implement artificial intelligence (AI)-driven, real-time behavioral analytics systems that are specifically tuned to detect anomalies associated with social engineering tactics,” Morgan recommends. Furthermore, he adds that these tools can flag unusual activities, such as an employee accessing sensitive information they don’t normally handle or logging in from an unfamiliar location. “And CISOs can play a huge role here in auditing and validating these systems to ensure they are properly calibrated to catch signs of social engineering attempts.”
Enhancing security through collaboration
This combination of an MSP working with an internal CISO allows for real-time monitoring and fast incident response, which helps prevent a phishing attempt or compromised account from escalating into a larger breach.
“MSPs can work closely with CISOs to perform detailed risk assessments that identify the most vulnerable entry points for social engineering within each client’s operation,” Morgan advises. “For example, employees who frequently handle financial transactions or HR data may be at higher risk. Based on these assessments, MSPs can design customized incident response plans tailored to each client’s specific needs.”
Morgan also emphasizes that MSPs should enforce role-based access controls (RBAC). This practice limits employees’ access to only the data and systems necessary for their jobs. This significantly reduces the damage from social engineering attacks. “Social engineers often target low-level employees to gain access to higher privileges. MSPs can integrate advanced privilege monitoring tools that alert when unusual access requests or privilege escalations occur.”
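Morgan's two detection recommendations above, behavioral analytics that flag access outside an employee's normal pattern or logins from unfamiliar locations, and alerts on privilege changes, can be illustrated with a small baseline-driven detector. The following is an added example written for this article, not code from Morgan, VentureSmarter.com or any vendor product; the key=value log format, user names, locations and resource paths are constructed for illustration.

```python
"""Baseline-driven anomaly detection for follow-on social-engineering activity.

Added example (not from the article or any product): a per-user baseline of the
resources each employee reads and the locations they log in from is learned from
a training window, then new events are checked against it. Privilege changes
are always flagged, since those are what a social engineer is ultimately after.
"""
from collections import defaultdict

# Constructed sample events in a simple key=value line format (not real logs).
TRAINING_LOG = """\
ts=2024-09-02T09:01 user=alice action=login location=Denver
ts=2024-09-02T09:05 user=alice action=read resource=finance/ap_invoices
ts=2024-09-03T09:02 user=alice action=login location=Denver
ts=2024-09-03T10:11 user=alice action=read resource=finance/ap_invoices
ts=2024-09-02T08:58 user=bob action=login location=Austin
ts=2024-09-02T09:20 user=bob action=read resource=hr/onboarding
ts=2024-09-04T09:03 user=bob action=login location=Austin
"""

# Constructed events to evaluate: alice's account is used from a new location
# to read HR data, then bob grants alice an admin role (a typical BEC follow-on).
NEW_LOG = """\
ts=2024-10-01T03:14 user=alice action=login location=Lagos
ts=2024-10-01T03:16 user=alice action=read resource=hr/payroll
ts=2024-10-01T09:00 user=bob action=login location=Austin
ts=2024-10-01T09:30 user=bob action=read resource=hr/onboarding
ts=2024-10-01T09:45 user=bob action=grant_role target=alice role=finance_admin
"""


def parse_line(line):
    """Parse one 'key=value key=value ...' line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def parse_log(text):
    """Parse a multi-line log into a list of event dicts, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def build_baseline(events):
    """Learn, per user, the resources read and the locations logged in from."""
    baseline = defaultdict(lambda: {"resources": set(), "locations": set()})
    for e in events:
        if e["action"] == "login":
            baseline[e["user"]]["locations"].add(e["location"])
        elif e["action"] == "read":
            baseline[e["user"]]["resources"].add(e["resource"])
    return baseline


def detect_anomalies(baseline, events):
    """Return (ts, user, reason) tuples for events that fall outside the baseline.

    A user with no training history matches nothing, so every event is flagged;
    in practice a minimum training window is enforced before alerting.
    """
    alerts = []
    empty = {"resources": set(), "locations": set()}
    for e in events:
        user = e["user"]
        known = baseline.get(user, empty)
        if e["action"] == "login" and e["location"] not in known["locations"]:
            alerts.append((e["ts"], user, f"login from unfamiliar location {e['location']}"))
        elif e["action"] == "read" and e["resource"] not in known["resources"]:
            alerts.append((e["ts"], user, f"access outside baseline: {e['resource']}"))
        elif e["action"] in ("grant_role", "revoke_role"):
            # Privilege changes are never "normal" enough to skip review.
            alerts.append((e["ts"], user, f"privilege change: {e['action']} {e['role']} for {e['target']}"))
    return alerts


def run():
    """Train on TRAINING_LOG, evaluate NEW_LOG, return the alert list."""
    baseline = build_baseline(parse_log(TRAINING_LOG))
    return detect_anomalies(baseline, parse_log(NEW_LOG))


if __name__ == "__main__":
    for ts, user, reason in run():
        print(f"{ts} {user}: {reason}")
```

On the constructed input this produces three alerts: alice's login from Lagos, alice's read of hr/payroll, and bob's grant of finance_admin to alice; bob's own login and HR read match his baseline and stay quiet. In a real deployment the baseline comes from weeks of identity-provider and file-access logs rather than a handful of lines, location alone is a weak signal (VPNs, travel), and a new hire with no history triggers on everything, so these alerts are triage input for the CISO's review rather than automatic lockouts.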
Additional measures MSPs should take
Meanwhile, Cache Merrill, founder of software developer Zibtek, offers SmarterMSP.com readers some additional steps:
Strengthen human weakness: “There is a need for providing proper and continuing education of employees on active defense methods such as social engineering methods, as well as for performing periodic practice exercises with them,” Merrill says, adding that threats and attacks are always present. Testing keeps alertness high and helps maintain readiness.
Social media awareness: “Some attackers disguised as employees of an organization may use personal information and other details acquired from social network sites to persuade individuals to disclose sensitive information,” Merrill warns, urging MSPs to work with their clients on policies governing the use of social networking sites so that employees avoid sharing sensitive or personal information.
Incident response planning: “An effective MSP incident response plan that is kept up-to-date and regularly revised and practiced enables both the service provider and their clients to be prepared from the moment that any breach occurs,” Merrill advises, adding that time is of the essence in responding to these attacks, and that a fast response is what limits the damage from a social engineering attack.
Creating a cybersecurity culture: Merrill recommends that MSPs establish a cyber safety culture within the client organizations they serve, which helps deter social engineering attacks. “Social engineering is a dynamic aspect of the threat landscape. It is important to cultivate a culture where every staff member knows he or she plays a part in security.”
Prioritizing social engineering threats
As Cybersecurity Awareness Month unfolds, MSPs must prioritize the threat posed by social engineering. Tailored simulations, behavioral monitoring, least-privilege access, social media policies and a rehearsed incident response plan significantly strengthen the security posture of MSPs and their clients, reduce the risk of financial and reputational damage, and leave both better prepared for the next wave of attacks.
Photo: Mongta Studio / Shutterstock