Of Social Engineers & Corporate Espionage Agents: How Prepared Are SMEs in Developing Economies?

The purpose of this study is to create the awareness of cyber-security threats due to social engineers and corporate espionage agents, and to offer some mitigation measures aimed at minimizing the impact of insider attacks on SMEs in developing economies. Loyal and trusted employees can pose enormous and catastrophic cyber-risks to SMEs, in view of their insider-ness, access privileges and knowledge of the systems as well as associated inherent vulnerabilities. Cyber-security functionaries and chief-level officers were surveyed on various metrics of insider attacks and incidents. The findings indicate that financial and ICT oriented SMEs are mostly targeted, and the impact range from loss of sensitive data, loss of corporate resources, loss of market share as well as loss of customer and investor confidence. Since most social engineers capitalize on the end-user vulnerabilities and their sense of social norms, effective mitigation measures offered are human centric in nature. Personal and corporate factors that are likely to motivate employees to become espionage agents ought to be addressed. Periodic and on-spot systems audit are to be carried out to effectively monitor any unnecessary and inappropriate access escalations. Policy on separation of duties must be enforced.