Friday, November 2, 2012

Social Engineering

When individuals and businesses come up with security plans to protect their environment from computer hackers and cybercrime, the first thing that is usually put in place is a firewall. For an additional layer of security, an Intrusion Detection System may be implemented alongside the firewall. Wireless encryption, anti-virus software and the delegation of user privileges are some other common ways to keep a network more secure.

However, gadgets and security measures aside, one of the first and most effective methods that cyber criminals use to gain access to business networks is a tactic that many people are unaware of. It is called social engineering, and it doesn’t involve computers. Social engineering is a tactic pioneered by one of the most famous hackers of all time, Kevin Mitnick.

Kevin Mitnick, the most notorious hacker of his day, now works for a network security company helping businesses protect themselves from cybercriminals doing what he used to do best. In his biography, he explains the methods he used to gain access to numerous businesses' networks and data. Before penetrating firewalls, scanning for open ports or doing anything over the wires, he would use social engineering to gain access effortlessly. Social engineering consists of contacting employees at a company, posing as an authority figure and tricking them into divulging information about login credentials or passwords. If this didn’t work, then he would use the computer to gain access.

Common social engineering tactics come in the form of phone calls or emails. In these attacks, the hackers will pose as security professionals, law enforcement officers, fellow employees, or any number of other figures. They will then ask for credentials or information pertaining to the network of the business. It is important to remember that disclosing any personal information or, more importantly, usernames and passwords to anyone who isn’t a trusted source is never a good idea.

To find a great example of how easy it is to steal information by using social engineering, we don't have to look hard. This summer, the annual hacker convention Def Con hosted its Social Engineering contest, where the participants had two weeks to do research on a company. The contestants then had to do their tricking over the phone in front of the Def Con spectators and attendees. In a short time, contestants were able to retrieve sensitive information from people they had never met who work for companies such as Wal-Mart and Target, showing the world how dangerous yet easy social engineering is. The full article is available on CNN.

Contact TechFarmer for more information on how to keep social engineering from affecting your business.
