As technical attacks on systems have increased, so have the technology-based countermeasures being used successfully to thwart them. As a result, attackers are shifting their focus and are increasingly targeting "people" through the use of social engineering methods, often gaining unnoticed access to computer systems and sensitive data. This is due to the widely accepted fact that people are the "weakest links" in a security framework. In the era of laws and legislation such as SOX (Sarbanes-Oxley), GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act) and more, it becomes imperative for everyone to prepare for, defend against and react to these attacks.
What is Social Engineering?
Social engineering is the same as hacking, but it is termed social engineering because here the attacker uses human interaction (social skills) to obtain information about an organization or its computer systems. An attacker may seem trustworthy or reliable and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.
Social Engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or a simple fraud, the term typically applies to trickery for information gathering or computer system access. In most cases the attacker never comes face-to-face with the victims, and the latter seldom realize that they have been manipulated.
Why Social Engineering?
Social Engineering uses human error or weakness (i.e. "cognitive biases") to gain access to any system despite the layers of defensive security controls that may have been implemented. A hacker may have to invest a lot of time and effort in breaking an access control system, but he or she will find it much easier to persuade a person to allow admittance to a secure area or even to disclose confidential information. Despite the automation of machines and networks today, there is no computer system in the world that is not dependent on human operators at one point in time or another. Human interfaces will always be there to provide information and perform maintenance of the system.
Despite the humungous security threat posed by Social Engineering, very little is ever highlighted about it. The lack of discussion about Social Engineering can primarily be attributed to shame. Most people see Social Engineering as an attack on their intelligence and wit, and no one wants to be considered ignorant or dumb for having been duped. This is why Social Engineering gets hidden in the closet as a "taboo" subject, whereas the fact is that no matter who a person is, he or she may be susceptible to a Social Engineering attack.