
Engineering people

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 12 Jan 2017

ITWeb Security Summit 2017

Registration is already open for the 2017 Security Summit, which will host six international plenary speakers, #SS17HACK launch, four training courses to choose from, and much more.

Although cyber criminals are a huge threat to businesses today, an even more dangerous threat to your organisation could be sitting a few offices down from you. He or she has access to your most proprietary and confidential data, and will have genuine login details for your systems. These people can also be easily manipulated into giving the wrong people the information they need to access company networks.

Cyber criminals know this, and have used social engineering to carry out many of the most high-profile cyber attacks in the past few years - attacks on media companies, security businesses, retail stores. All of these started because one person was tricked into doing something they shouldn't.

Social engineering is growing in popularity because it works. Human nature, unfortunately, is security's enemy: although most people understand the policies and procedures businesses have in place to protect information assets, their trust, integrity and good nature are used against them.

In this way, complex and sophisticated security measures are bypassed, and cyber criminals slip through the net, which is why today's security solutions and controls cannot hope to detect and prevent these types of attacks.

Social engineering is the perfect means to commit a plethora of dangerous exploits, and targets employees, usually at a specific organisation, tricking them in several ways.

Jenny Radcliffe, social engineer.

These include phishing in e-mails; vishing, which is essentially 'voice phishing' or scam phone calls; pretexting, or convincing an individual to disclose information through a pretext; tailgating, or an unauthorised person following an authorised employee into a restricted area; baiting, or promising items or goods such as music or movie downloads to entice victims; quid pro quo, or offering an exchange of information; and finally spear phishing, which tricks an individual into opening a mail so cunningly crafted and worded that it appears to be from a genuine contact and would pass all but the closest scrutiny.

Information security practitioners understand how widespread and dangerous social engineering is, and that all the security measures available cannot hope to prevent these types of attacks. So what should businesses be doing?

At the ITWeb Security Summit 2017, to be held from 15 to 19 May at Vodaworld in Midrand, social engineer Jenny Radcliffe will be running a two-day Social Engineering Awareness Training course, teaching inexpensive ways to spread awareness and help protect employees of all levels from people-based hacks.
