Social Engineering

Social Engineering Testing

Loricca defines social engineering as gaining unauthorized information by deception, including fraudulent activities meant to gain access to computer systems that are protected by passwords, user IDs, etc.

It is the art of manipulating or tricking people into performing certain actions or divulging confidential information to obtain sensitive data through fraud or unauthorized computer system access.

Social engineering is a non-technical kind of intrusion that relies heavily on human interaction and often involves deceiving individuals so that they will break normal security procedures. In some cases, the attacker never comes face-to-face with the victim.

Social Engineering Tactics

For example, a person may use social engineering skills on a company staff member who is an authorized user to breach a computer network by getting them to reveal login and access information that compromises the security of the company and its sensitive data. Social engineers, acting like fellow staff members, utilize the weaknesses and natural helpfulness of individuals to get the information they need. They may call the authorized workforce member with some kind of urgent problem that requires immediate login data and/or network access. Sometimes, malicious social engineering techniques involve simple observation or eavesdropping to get sensitive information. A company’s workforce needs to be made aware of these techniques and should attend regular security awareness training.

Social engineering has been linked to many types of exploits and information breaches. Virus authors routinely use social engineering as one of the tactics to get people to click on an innocent-looking phishing email attachment that includes malware. There has also been an increase in the number of ‘scareware’ vendors that use social engineering and popups to frighten people into downloading dangerous unauthorized software on their desktops or laptops.

Avoiding Social Engineering Schemes

Social engineers exploit the fact that most people are not aware of the value of the information they possess (and have access to) and are careless about protecting it. People need to be aware of what types of information are business-sensitive and/or protected by laws/regulations.

Loricca’s IT security experts predict that social engineering will become the greatest threat to an organization’s security system. Prevention includes an ongoing education process for every employee. Loricca provides tools and help for employee training including:

  • Monthly IT Security Tips you can share,
  • Assistance with the creation and implementation of appropriate corporate policies, and
  • Security Awareness Training to demonstrate the company’s commitment and expected adherence to security procedures.

Contact Loricca Today

To speak with one of our Social Engineering Experts or Security Awareness Trainers, please contact us today for more information.