To:
From:
Date: 4/20/2022
RE: Insider Threat Vishing
BLUF (Bottom Line Up Front)
A vishing attack is a major insider threat that could result in losses of billions of dollars for an organization because of unauthorized access to corporate systems. Multi-factor authentication mechanisms are the most effective approaches to prevent vishing attacks because they provide a wide range of security tools for an organization.
Background
Insider threat is one of the common issues in the corporate and intelligence world. While it is often a high priority for senior management, the existing definition challenges have made it difficult for many organizations to identify and resolve this issue. According to the National Insider Threat Task Force, insider threat refers to the threat an insider poses to the U.S. national security when he/she uses his/her authorized access knowingly or unknowingly to do harm (Cybersecurity and Infrastructure Security Agency, 2020). However, insider threat extends beyond risks posed to the U.S. national security because it occurs in the corporate and intelligence world. It can include everything from forgetting to lock the computer. This essentially means that an insider threat is a security risk emanating from within the targeted organization through the intentional or unintentional acts of its internal stakeholders.
This organization is facing the risk of vishing, which is a security risk that falls under the general phishing attack. Vishing is a security risk that is carried out against the targeted organization to obtain sensitive information that could be used for identity theft or financial benefit. It entails the use of fraudulent phone numbers, text messages, and voice-altering software to trick users into providing sensitive information (Pangaro, 2020).
As the organization continues to rely on technology, vishing remains an insider threat...
If any internal stakeholder in the organization answers a call from a fraudulent phone number, he/she could provide cybercriminals with sensitive information that could result in huge losses. A successful vishing attack could give cybercriminals access to sensitive customer data, financial assets, systems, files, and trade secrets. If an internal stakeholder in the company participates in a successful vishing attack wittingly or unwittingly, the organization could lose at least $58,000. Pangaro (2020) notes that a successful...
…to have more layers of security or protection than limiting VPN connections. VPN connections can be restricted to managed devices, time of day, and monitoring access through installed certificates or hardware checks. On the contrary, MFA mechanisms give a wide range of tools to plug holes into a scammers attack surface. Some of these tools include checking IDs or state licenses to determine the authenticity of the user, picture matching, knowledge-based identification quiz, device assessment, and
biometrics. In addition, while VPNs are only for connections and cannot prevent unauthorized access to a system physically, MFA mechanisms offer protection against attempts to access a computer system physically.
Conclusions and Recommendations
MFA mechanisms and restricting VPN connections are among the most suitable solutions to preventing vishing attacks against corporate systems. These solutions achieve this by adding extra layers of security to corporate systems. However, MFA mechanisms would be more effective than restricting VPN connections because of a wide range of security tools. Therefore, the order recommendation for the organization is to adopt MFA mechanisms for its corporate systems because of their wide range of security tools. Using MFA mechanisms…
