The Biggest Vulnerability in Your Network? It’s You.
By Luke Robbins
As cybercrime becomes more and more sophisticated, hackers have developed advanced attacks utilizing everything from machine learning tools to self-propagating ransomware. But one of the most insidious and effective cybersecurity threats today doesn’t involve a single line of code: social engineering.
What is Social Engineering?
Social engineering, in the context of cybersecurity, refers to “psychological manipulation of people into performing actions or divulging confidential information.” It’s an alternative and a supplement to the technical side of cybercrime, a way for criminals to gather information and access without going through your business’s network defenses. Instead of taking on your security, they will target employees themselves, preying on people’s trustworthiness and emotions in order to get them to give up critical data.
You’ve seen it before, if in primitive form. In fact, you’ve probably been a target. Don’t think so? Does this ring a bell: a Nigerian prince asking for help transferring millions of dollars, offering a percentage? A popup “from the FBI” claiming you’ve done something illegal on your computer, demanding you pay a fine?
Social engineering takes many forms, from these common email phishing scams all the way up to corporate espionage. Criminals target businesses big and small, and a single employee vulnerability can bring down the entire business. The list of techniques goes on and on, with attackers coming from all angles: baiting, phishing, spear phishing, pretexting, scareware…but one thing remains the same: as an employee, the target is you.
Social engineering might take the form of:
- Someone calling and pretending to be a network or account administrator and asking for the victim’s password to perform maintenance or fix an issue. In some business cases, the attacker may claim to be the employee’s CEO or other leader, leveraging that power relationship in order to extort the victim
- Claiming that the victim has won a prize…but first, the victim must turn over their credit card or banking information in order to receive it
- Sending a form that asks the victim to enter a new password for some unrelated reason, and then using the same password to access other accounts. Millions of people reuse the same passwords for everything, and are laid bare once that password is discovered
- Social networking attacks: so much of our information is online and publicly available. It is incredibly easy for criminals to spend a few days gathering personal information, so that when they contact (or impersonate) their victim, they have everything they need to put on a convincing front and get the information they’re after
Why Is Social Engineering Such a Problem?
Because it hits us when we’re most vulnerable, and where we’re most vulnerable. Why go toe-to-toe with iron-clad security measures when tricking people is so much easier?
By exploiting our most powerful emotions, skilled social engineers can manipulate people like putty. They target people’s vanity, their greed, and especially their desire to be helpful and kind. Even more than that, they target people’s ignorance and innocence.
Think about how careful you and your coworkers are with your company’s data. Do you have rigid processes in place for