Social Engineering

Social Engineering Safeguards

Overview

One of the main techniques cyber attackers use to compromise your computers and steal your information is called social engineering, also known as the art of human manipulation. This is when attackers pretend to be someone or something you know or trust, such as your bank, a government organization or even a friend or coworker. They then leverage that trust to get what they want, often by simply asking for it.

 
 

Path of Least Resistance

A malicious hacker knows he can spend hours, weeks, or even months trying to brute-force his way to a password, or he can make one phone call with the right pretext and perfect questions and get the same password, and more, in only a few minutes. An attacker can go dumpster diving, sift through open-source information, talk to a disgruntled employee, or walk into a business posing as a delivery person in order to gain full access to a network. The role played by social engineering grows as software products become more secure and harder to crack. To develop a plan to protect against such attacks, you must understand what tactics a social engineer will use, how they will use them, and what methodology they will employ in their attack cycle.


On the Rise

Over the past several years, incidents in which social engineering tactics were used in fraud and data breaches have continued to increase. Reports released by industry leaders such as Sophos, Verizon Enterprises, and Kaspersky all indicate that social engineering tactics (phishing, vishing, and impersonation) are being used in conjunction with digital hacking methods to make attacks more effective. The only way to protect against these attacks is through training that fosters a security-focused culture within your organization. Attackers know that most of the time an employee doesn’t realize they are doing something wrong, or doesn’t recognize the value of the information they are disclosing, which creates a perfect atmosphere for a breach.