
Social engineering stories from the front lines

George V. Hulme | Jan. 30, 2015
It's always amazing how little attention social engineering attacks get in discussions of enterprise information security risks. After all, it's usually easier to get an unsuspecting employee to click on a link than it is to find an exploitable vulnerability on a reasonably hardened webserver. Social engineering attacks come from many different angles: targeted e-mails, phone-call pretexting, or posing as a service technician or other innocuous person, all to obtain access to the IT resources and data the attacker seeks.

In reaching out to social engineers, we couldn't find any with more than a few engagements behind them who hadn't been successful in pushing their attack further through social engineering techniques. All too often, it seems, no matter how hardened the IT infrastructure or the security technologies in place, there are always going to be employees who hand over the keys to the kingdom — or at least raise the drawbridge when asked nicely, or with authority.

This is why Blow advises more companies to invest some of their security budget in social engineering engagements. "Not only does it help train your employees with a real-world scenario, but it also will help strengthen your company's incident response program," he says. "Hopefully your company has one of those."

 
