Week 8 Topic and New Article Regarding Social Engineering
“Social Engineering” is underestimated as a likely security threat to many organization; the likely assumption by many is that it is not going to happen to me. However, recent trends and studies support that the weakest link in organizations still remains the human factor. Thus it will pay dividends to educate your human capital on how to prevent, detect and correct behaviors that make it easier hackers to social engineer you and your organizations.
Social Engineering, also referred to “People Hacking” (Harl) is an art, which does involve deception. Many would say that the end justifies the means when it comes to Social Engineering; the attacker usually follows the same pattern to ensure effecient infiltration into an organization. Starts by obtaining data/reconnaissance, then developing relationships and/or developing an asset which will be used at a future date to exploit. Upon exploitation, the attacker ensures that the deception is successfully executed.
Motivation for committing social engineering attacks are numerous. They vary from monetary gains, social as well psychological causes.
Techniques for carrying out such attacks are numerous; it is varied and is dependent on opportunity and ability realized and possessed by the attacker. Opportunity can present itself in a form of shoulder surfing among other means such as dumpster diving, mail-outs, etc. If abilities are there then the attacker may choose in performing forensic analysis on hard drives, removable media such as memory sticks, DVD/CDs, etc.
Only by understanding the significance of Social Engineering threat and the ways it can be manifested, can then begin to set different safeguards and counter-measures to protect you and your organization.
Article on Social Engineering. Article from SC Magazine confirms that 2015 phishing attacks are on the rise; being that
it only requires low-effort methods proving to be lucrative for cybercriminals.
For further information, please refer to the link below.