What is Social Engineering? 4 Ways we Let it Happen
In recent years, social engineering has become a big problem. This is due to a few different factors, such as inadequate training, companies not thinking security is a big deal, and threats getting more serious, like the iCloud hacks. Studies have shown that even after many of these high-profile attacks in recent years, people are still very trusting and respond especially well to endearment. If we don't pay attention, this problem is only going to worsen. Because people communicate indirectly in so many different ways, these tactics are really easy to use if you know what you're doing. So, let's go over each problem and come up with a counter to it. Before we get to that, though, we need to look at an example of social engineering to get an idea of what is done.
Example of social engineering:
Tom calls Dave, who works in the IT department of his company. Tom pretends to be from a different IT department at another location. He asks Dave for the code to the main server that holds the company's research data. He says the board of executives needs to look at research data from the past six months. The problem, he explains, is that the boss of his IT department lost the code to access it: he wrote it down and kept it hidden with all of the junk in his desk, then one day threw it away by accident and has been relieved of duty due to his incompetence. Tom says he is now the interim head of his department, so the board told him to call Dave to get the code. Dave says he understands and gives him the code. Tom uses the code to download a copy of ALL of the research data, then destroys the originals on the server, in addition to all of the backups. After that, he crashes the system, thus physically destroying it. Tom got all of the information he was after, and because he did his research beforehand, he knew there really is someone named Tom at the IT department he claimed to work for. The fake Tom who made the call is actually named John. So the real Tom gets fired and put under investigation, and because of the severity of the attack he is wrongfully put in jail, leaving John a free man with everyone none the wiser.
How Could This Scenario Have Been Prevented?
Inadequate training - Be prepared
Training can make or break your employees' resistance to social engineering. I'm not talking about standard job training; I am talking about training for dealing with customers and (supposedly) fellow employees. Many times a social engineer pretends to be a customer or a fellow employee to gain information on something or get access to somewhere (piggybacking). Having someone practice social engineering tactics on your employees is a great way for them to learn the signs and react accordingly to prevent this form of attack.
Companies not taking security seriously
Another problem, one that is slowly improving, is companies not taking security seriously. After seeing so many different places get hit, companies are slowly changing their tune. But it is going to be a while before every company understands the benefits of taking security seriously. This problem is linked not only to social engineering, but to computer security and integrity overall. When a company hires a security firm to conduct a security audit on its systems, most of the time it doesn't listen to the auditors' recommendations, saying that it won't happen to them. Listening to and following security auditors' recommendations increases your odds of preventing an attack.
Threats are adapting and evolving
The enemy is getting more cunning by the day, willing to step up their game because they see they are NOT being opposed. If we want to stop them, that cannot remain the case. With each successful attack they are only going to get bolder. Each time they succeed, they not only want to achieve greater feats, but to best each other as well. While there is not much we can do about this, we can try to keep them from growing bolder by staying two steps ahead of them in terms of security measures.
People getting too friendly
A very successful tactic that works wonders is endearment. Simply put, that means showing you care and being friendly: you know, going the extra mile. Acting this way when working with a victim really opens them up to attack; because you seem to care, they are more likely to help you even if they know they shouldn't. So keeping your guard up around people who are acting a bit over-the-top friendly can help prevent attacks.
I hope this post helped you understand some of the different ways we leave the door open for attackers. I also hope you can use this information to help protect yourself from the effects of these attacks. Fixing these problems could really drop the number of attacks we have all the time.