Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Social Engineering: Even Shakespeare understood security's weakest link

Kacy Zurkus | May 20, 2015
What do Shakespearean tragedies and security issues have in common? Both are overwhelmingly the result of human error.

othello iago

What do Shakespearean tragedies and security issues have in common? Both are overwhelmingly the result of human error. Othello is one Shakespeare greatest plays, and Iago is one of literature's first social engineers.

The hubris of Othello and the cruelty of Iago transcend time and generation because human beings are flawed. If this is true, then regardless of how impenetrable they believe their hardware and software programs to be, CSOs and CISOs can only do so much to build barriers around their organizations. In the end the security of their organizations are not contingent upon the strength of their hardware but at the mercy of hackers and the end users.

Will they believe their corporations are impervious to threats because they've been lucky up until now, or will they continue to build the layers of defense that will help to minimize the risk of being compromised?

Amanda Berlin, network security engineer at Hurricane Labs, said that the greatest weakness for any organization large or small, private or public is people. "People in general want to make customers and employees happy, so they trust the person on the other end of the phone or sending the email," Berlin said.

When looking at the threats that have made the security of corporations most vulnerable over the past few years, from social networking to social engineering, the common denominator is the end user.

"Employees continue to be the biggest risk [for corporations]. They are the most frequent cause of mistakes and have the biggest consequences," said Marie White, President and CEO of Security Monitor.  

As hackers become more sophisticated, the risks become greater that end users will fall victim to their scams.

"There are new risks in clouds. Phishing has been tied back to major data breaches, and it's not just email. Social media phishers are getting much more sophisticated," White said.

From password security to information sharing to other seemingly innocent acts that are making accounts vulnerable, "people are putting too much information out there, and it's very easy to social engineer someone when you know a lot about them," said Lesley Carhart, security incident response lead at Motorola Solutions.

Though hackers have somewhat diverted from using social media as a means of infiltrating organizations, the cumulative data available on sites like LinkedIn makes accessing information really easy for those with malicious intents.

Hackers don't need to be savvy to search through online profiles. Carhart said, "they can scan through information and see what people have on their resumes, where they worked, what kind of firewalls that company has, what security teams people worked on. It's easy to hack using open source."


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.