Unlike technical controls, which are built on rules and algorithms, humans revolve around feelings and emotions. These human responses make up our natural instincts to trust and feel the need to help others. Most of us have been raised to "love thy neighbor", or to "do unto others as you would have them do unto you." These types of actions and responses are exactly what a skilled social engineer is counting on to breach the human firewall and bring unsuspecting individuals to a potential cybercrime event.
To illustrate, in 2015, Ubiquiti Networks, a San Jose-based technology company, fell victim to an email-based social engineering attack that resulted in the loss of $39.1 million (Honan, B. 2015). As stated by Honan (2015), "it appears a member of staff in one of its subsidiary companies based in Hong Kong fell victim to what is known as a 'CEO scam'", which is where a social engineer impersonates a senior staff member within the organization. When a senior staff member is successfully impersonated, individuals tend to fall back on their natural human response of trust. In this case, the natural response created a devastating monetary and brand repercussion for the organization. One of the most powerful ways for these social engineers to penetrate the human firewall is through phishing attempts, as it takes less time and effort to achieve their desired results (Mijares, A. 2015).
These types of attacks are on the rise; however, with the right amount of training, awareness, and guidance, the people within the organization can become an exceptional defense against social engineers who seek to exploit the human firewall for malicious purposes. Instead of accepting an email or unknown individual at "face value", learn to overcome the natural instincts we have and verify the information before opening the "ports" of your human firewall.
For more information on protecting against social engineering attacks, spend some time on Google and possibly with the book The Art of Deception, by Kevin D. Mitnick, William L. Simon, and Steve Wozniak (Review of The Art of Deception, n.d.). You will find a plethora of material to help you put a training program together for your organization.
Thank you for reading! Until next time, remember that you don't have to become a victim of a threat to become aware of a threat!
References:
Honan, B. (2015, August 6). Ubiquiti Networks victim of $39 million social engineering attack. Retrieved February 18, 2016, from http://www.csoonline.com/article/2961066/supply-chain-security/ubiquiti-networks-victim-of-39-million-social-engineering-attack.html
Mijares, A. (2015, October 22). Social engineering: Employees could be your weakest link. Retrieved February 18, 2016, from http://www.computerworld.com/article/2996606/cybercrime-hacking/social-engineering-employees-could-be-your-weakest-link.html
Review of The Art of Deception. (n.d.). Retrieved February 18, 2016, from http://www.techsoc.com/deception.htm
