Social Engineering

To secure networks and hosts, organizations often deploy network security solutions and the latest anti-malware solutions for their hosts. However, they still have not addressed the weakest link: the users.

Social engineering is likely the single most serious threat to a well-configured and well-secured network.

Cybercriminals use social engineering techniques to deceive and trick unsuspecting targets into revealing confidential information or violating security. Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information.

Social engineers prey on people’s weaknesses and often rely on human nature and people’s willingness to be helpful.

Note: Social engineering is often used in conjunction with other network attacks.

Social Engineering Techniques

There are many different ways to use social engineering techniques. Some social engineering techniques are used in person, while others may use the telephone or the Internet.

For example, a hacker could call an authorized employee with an urgent problem that requires immediate network access. The hacker could appeal to the employee’s vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.

Protecting Against Social Engineering

Enterprises must train and educate their users about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.

The following recommended practices for protecting against social engineering attacks should be followed by all users:

- Never give your username / password credentials to anyone.
- Never leave your username / password credentials where they can easily be found.
- Never open emails from untrusted sources.
- Never release work related information on social media sites.
- Never re-use work related passwords.
- Always lock or sign out of your computer when unattended.
- Always report suspicious individuals.
- Always destroy confidential information according to the organization policy.
