What is social engineering?
Social engineering is where an intruder attempts to manipulate an individual to get hold of information. The intruder doesn’t need to be an expert on the technical side of things; in many cases the most effective method is to exploit various psychosocial weaknesses that we all share. It could be as simple as answering questions politely and courteously without thinking about the consequences.
So how do we become more security-conscious?
As an individual you need to learn to trust your intuition. The way I normally put it is that you need to have a healthy degree of suspicion. If someone calls and presents himself as a colleague but you start to feel unsure, you should ask some security questions or ask to call back.
Make a habit of being careful with the information you give out. Do not answer unusual questions from people you do not know via telephone, e-mail or chat, or if the method of communication is different to normal. You also need to be careful about disclosing information about yourself and your employer on social media. Such information can easily be used against you and against your colleagues.
I advise organisations to regularly review their information security procedures and ensure that their employees become more security-conscious. At Combitech we can assist by providing training, tests and measurements to assess how security-conscious the employees are and what measures need to be taken.
What trends do you notice within the area?
Social engineering is nothing new but is becoming more common, precisely because it is so effective. We have also noticed that attacks are increasingly being outsourced and coordinated through the Darknet, which is the black market on the Internet.