Security & Social Engineering

Are you familiar with social engineering and how it can be used to obtain protected information about your network?  WhatIs.com defines social engineering as “a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.”  Most users know that they shouldn’t click on the links in a random email from a suspicious address, but what if you received one of those interactive holiday greeting emails that was made to look as if it came from a coworker?  Social engineers are counting on that degree of familiarity and acceptance to get you to click the malware-laden link.  In fact, that’s one of the examples cited in this article from TechRepublic, “Security’s weakest link: Technology no match for social engineering”, which illustrates the scary statistics:

“…it’s important to remember that most break-ins historically, and many still to this day, have nothing to do with technology. In fact they are carried out by people who rely primarily on the human factor, not devious code or malware creation.”

“In the end, what these experiments demonstrate is that social engineering is still a major threat today. Even in the controlled environment of pen-testing agreements, the DEF CON contestants and RSA research team members managed to gain access to most of the information that they needed. This includes the huge amount of private information that can be gathered from simple web queries. The winner of the DEF CON contest was not even a professional social engineer and scored most of her points through extensive information gathering.” – TechRepublic.com

Now that you are aware of the dangers of social engineering, what steps can you take to help prevent it?  As always, caution is of utmost importance when it comes to information about your network!
