Social engineering preys on our trusting natures
Rob Rudloff, January 20, 2016
Cyber criminals want your information and your money: both, if possible. Confidence scams are as old as human history, but in the modern age they increasingly involve technology in an attempt to gain access to your computer systems, your information and, ultimately, your money. Cyber security professionals refer to these scams as social engineering attacks: scams that use technology to take advantage of the natural human tendency to trust.
The most prevalent technique, familiar to most of us, is the use of “phishing” emails. Phishing attacks are emails designed to get you to click on a link, launch an attachment, call a phone number or make contact with a con artist. But did you know social engineering can involve phone calls, fake web sites, emails targeted at specific personnel and even physical activities? If you research social engineering, you will see terms like:
Some of these are petty criminals looking to make a quick buck by stealing your credit card information, selling your identity, or charging you for fake merchandise or services. The really dangerous criminals want access to your organization’s network, computers and applications so they can steal a large number of records, trade secrets or intellectual property, or conduct major fraud.
Most of the major breaches reported in the press during the last three years can be traced back to a social engineering attack. In each case, the social engineering effort resulted in some access to the victim’s network, computers or applications. The attackers used their foothold to gain access to additional confidential systems so they could identify targets, collect data and exfiltrate it from the victim’s environment. Once the attackers have the confidential data, they sell it to criminals, ransom it back to the victim or use it to publicly embarrass the victim.
If major retailers, entertainment companies, healthcare organizations and service companies with millions of dollars invested in technology can be compromised, what can smaller organizations do? Lots, actually. Technology is a great tool if used appropriately, but social engineering is based on taking advantage of human trust, and often smaller organizations have an easier time addressing training and trust issues. Here are a few ideas to reduce the risk from social engineering:
Technological advances continue to break down geographic barriers, enable new business opportunities and improve our efficiency, but they also increase our risks. Social engineering attacks take advantage of these advances while exploiting the weak points in our defenses: our people. The threats are present and the risks are real, so address them using the combination of the recommendations above that fits your environment. While there is no silver bullet, there are many ways to reduce the risk for your organization using the right combination of people, process and technology.