An organization’s customers have suffered a number of data breaches through successful social engineering attacks. Which is the most effective preventative technical control to reduce the risk of future occurrences?
An organization’s customers have suffered a number of data breaches through successful social engineering attacks. Which is the most effective preventative technical control to reduce the risk of future occurrences?
Multi-factor authentication is a technical control that adds an additional layer of security by requiring users to provide multiple forms of verification before gaining access to a system. This helps in significantly reducing the risk of unauthorized access even if the attacker manages to obtain the user's credentials through social engineering. By demanding an additional verification step, such as a code sent to a mobile device, it becomes much more difficult for attackers to successfully breach data.
It should be B
Training and awareness (B) is not a technical control. It’s a type of administrative control that can help educate users about the risks of social engineering attacks and how to avoid them, but it does not provide a technical barrier to these attacks.
The most effective preventative technical control to reduce the risk of future occurrences of data breaches through social engineering attacks is D. Multi-factor authentication. Multi-factor authentication adds an additional layer of security by requiring users to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. This makes it harder for potential intruders to gain access and steal personal data or identities