Combitech expert on social engineering

15 July 2015

How security-conscious are you? Many of today’s computer users have been inculcated with the belief that security technology creates a secure environment. At the same time it is becoming ever more common for intruders to exploit human kindness to access business-critical information – a phenomenon known as Social Engineering. Kristoffer Karlström, Information Security Consultant at Combitech, tells us more.

What is social engineering?

Social engineering is where an intruder attempts to manipulate an individual to get hold of information. The intruder doesn’t need to be an expert on the technical side of things; in many cases the most effective method is to exploit various psychosocial weaknesses that we all share. It could be as simple as answering questions politely and courteously without thinking about the consequences.

So how do we become more security-conscious?

As an individual you need to learn to trust your intuition. The way I normally put it is that you need to have a healthy degree of suspicion. If someone calls and presents himself as a colleague but you start to feel unsure, you should ask some security questions or ask to call back.

Make a habit of being careful with the information you give out. Do not answer unusual questions from people you do not know via telephone, e-mail or chat or if the method of communication is different to normal. You also need to be careful about disclosing information about yourself and your employer on social media. Such information can easily be used against you and against your colleagues.

I advise organisations to regularly review their information security procedures and ensure that their employees become more security-conscious. At Combitech we can assist by providing training, tests and measurements to assess how security-conscious the employees are and what measures need to be taken.

What trends do you notice within the area?

Social engineering is nothing new but is becoming more common, precisely because it is so effective. We have also noticed that attacks are increasingly being outsourced and coordinated through Darknet, which is the black market on the Internet.

Hans Danielsson

Business Area Manager

hans.danielsson@combitech.com

+46 (0)13 18 00 17
