When the hacker pretends to be a colleague: Preparing for cyberattacks through social engineering
Social engineering is the term for manipulating employees into disclosing confidential data. Almost one in two German companies (45%) have experienced such incidents within the past year: 30 percent report isolated attempts and 15 percent report frequent attempts. These are the results of a survey of 1003 companies with ten or more employees, commissioned by the digital association Bitkom.
"On the one hand, cyber criminals use social engineering to gain access to IT systems. On the other hand, it may initially only be a matter of collecting important information, such as the names of direct superiors or the software used. Such information can also help to prepare another social engineering attack or carry out a cyberattack," says Felix Kuhlenkamp, IT security expert at the digital association Bitkom.
Bitkom gives four tips on how companies can better protect themselves against social engineering:
(1) Companies should conduct regular training courses to sensitize employees to the dangers of social engineering. They can learn how to recognize and report suspicious messages or requests.
(2) Define processes clearly and design them securely: Companies should set guidelines on which information may be passed on and by which means (by telephone or email, for example), and which information may never be passed on, such as passwords. In addition, dual-control mechanisms should be implemented, such as having transfers or sensitive decisions checked and confirmed by at least two people from different areas of the company. This greatly reduces the risk of manipulation by individuals or of unauthorized access.
(3) Multi-factor authentication, which requires, for example, a code on the smartphone or a keycard in addition to the password, makes it more difficult to exploit information obtained through social engineering. Attackers therefore cannot penetrate IT systems as easily with a password alone.
(4) As a rule, companies should use security software such as spam filters or anti-phishing software to filter out at least the simple attacks. In addition, dedicated software-based systems can be used to detect unusual activity in the company's own network that indicates social engineering attacks. Artificial intelligence and anomaly detection often detect suspicious behavior and trigger an alarm in good time.