In reaching out to social engineers, we couldn't find any who had been doing such work for more than a few engagements who hadn't been successful in pushing their attack further through social engineering techniques. All too often, it seems, no matter how hardened the IT infrastructure, or the security technologies in place, there's always going to be employees who hand over the keys to the kingdom — or at least raises the drawbridge when asked nicely, or with authority.
This is why Blow advises more companies to invest some of their security budget to social engineering engagements. "Not only does it help train your employees with a real-world scenario, but it also will help strengthen your company's incident response program," he says. "Hopefully your company has one of those."
Sign up for CIO Asia eNewsletters.