
PUBLISHER: IDC | PRODUCT CODE: 1800378


Impersonating Trust: How Threat Actors Leverage Familiar Systems to Breach IT Defenses

PUBLISHED:
PAGES: 10 Pages
DELIVERY TIME: 1-2 business days
PDF (Single User License)
USD 7500


This IDC Perspective discusses phishing and other social engineering attacks that put personnel in your organization in direct contact with sophisticated adversaries on a regular basis. These attackers use knowledge of your organization and the systems it uses to craft pretexts that coerce employees into divulging sensitive information and credentials. Threat actors are increasingly using tactics where trusted personnel and internal and third-party IT systems are impersonated as part of these pretexts. These deceptive schemes turn the trust your employees and customers have in your IT organization against them, with often devastating results.

Addressing this risk exercises all facets of an IT organization's security program. Prioritizing defense against this threat is well worth the effort. Not only does this work put your organization's security posture in a better place against other foreseeable threats, but it can also be a catalyst that fosters a healthy awareness of the paths to success for an attacker and the psychological factors involved in these attacks.

This document discusses this evolving tactic and enumerates technical mitigations that can be used on IT and other core infrastructure systems to make attacks of this form less likely to succeed. We also discuss a number of activities that can be used to put these risks in context and identify gaps in your IT organization's security posture.

"Sophisticated threat actors tailor their phishing campaigns to the responsibilities and workflows of targeted personnel. IT personnel deal with notifications and alerts from systems they manage as part of their daily responsibilities. A well-crafted phishing campaign that mimics a familiar IT system is an effective tactic for bad actors to quickly gain access to sensitive IT credentials and systems," says Joel Sandin, adjunct research analyst, IT Executive Programs (IEP), IDC. "Understanding these attacks, educating personnel, and fortifying IT systems against this threat is well worth the effort."

Product Code: US53731625

Executive Snapshot

Situation Overview

  • Motivating Example
  • Why Attackers Target IT Personnel
  • Reconnaissance for Spear Phishing
  • Understanding the Psychology of Pretexts
  • Summing Up: Why This Pretext Works

Advice for the Technology Buyer

  • Recommendations
    • Establish Comprehensive Technical Controls
    • Perform Risk Assessment for IT Services
    • Implement Mitigations Based on Service Risk

Learn More

  • Related Research
  • Synopsis