Bookmark and Share

Social Engineering - The Real E-Terrorism?


One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL's network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker's part.

The above is a true story and it is an excellent example of one of the biggest threats to an organisation's security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.

Examples of techniques employed by hackers include:

  • Unobtrusively observing over your shoulder as you key in your password or PIN.

  • Calling helpdesks with questions or being overly friendly

  • Pretending to be someone in authority.

Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.

By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.

  • Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.

  • Conduct regular security awareness training so that all staff are kept up to date with security related issues.

  • Implement a formal incident reporting mechanism for all security related incidents to ensure there is a rapid response to any breaches.

  • Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.

  • Put an information classification system in place to protect sensitive information.

Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.

About The Author

Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.

www.a2solutions.co.uk, raylward@a2solutions.co.uk

 RELATED ARTICLES
Spyware, This Time Its Personal!
First the basic definition of Spyware: It is a type of software which is installed onto your computer without your permission... It can log your keystrokes, which websites you visit, read you email, and even prowl your hard drives. At some point in time, it transmits its harvested information to the owner. Transmitting this data can slow your computers resources which can result in programs taking longer to load, make for longer waits for WebPages to load, and even complete system failures can occur.
Make Money Online - Latest Scam Disclosed
Before we start, I want to make it clear that this article is about scammers that affect people who make money online by selling digital products, like e-books, software, etc. and have a refund policy, because we have a rather long way until the end and, if you are selling physical product or you money online through affiliate programs that don't involve a refund policy it's probably just a waste of time.
Do You Know What your Kids Are Doing Online?
It's a sad statistic, but hundreds of unsuspecting kids are lured away from home every year by strangers they meet in online chat rooms.
Online Shopping: 10 Tips For Safe Online Shopping
Have you ever bought a product or service from the internet?
Password Security and Safety
There is nothing more important that password security in world of technology. It is the first step to creating a safe and secure environment. If your password becomes compromised, there are limitless consequences to what could happen. There are a few very important factors in keeping your passwords safe and secure that everyone should adhere to.
Internet Privacy
Over the past few years as the internet has become more and more popular, privacy has become a major issue.Just as if you are walking down the street and can be watched, every click of your mouse every website you browse, or file you download, is traceable. In recent years this has become a major issue.
Website Security - Creating a Bulletproof Site in 5 Easy Steps
When it comes to a secure website and passwords it is all in your hands to create a password that a hacker simply cannot crack. However, this will require that you be creative and use everything at your fingertips to create the strongest password possible for a secure web site.
Spyware Removal
Spyware Solution
Whats All This I Hear About Firewalls?
At this point, if you've got the whole "turning the computer on" thing down; you are ready to learn about firewalls. Whether you use your computer for business or pleasure, it is important to have a firewall. If you use a high speed Internet connection like Cable modem or DSL, you are at a MUCH greater risk for someone to hack into your computer, ultimately giving them free rein to meddle in your files and your life.
Another Fine Mess!
I'm in the Anti-Spyware business, and I'm doing a lot of advertising to promote my website, but here I am online and on the phone, giving my personal information to.....who? Strangers basically, Geez! The majority of identity thefts occur thru contractors employing people in entry-level jobs that have not been properly screened. Not even Hackers,Phishers or Dumpster Divers account for as many! The ideal location for a Identity stealer would be in a out sourced agency that fails to use adequate screening processes.
Virus and Adware - Fix them Both!
We all get the odd virus now and then, but sometimes that one virus could cause so many problems. In this article I shall be going though just some of the problems that these virus software programs can do, and how to fix them.
Everything You Need To Know About Spyware and Malware
You are at your computer, checking out software on EBay. The computer is really sluggish, and you are not running anything else. You click on a link, and BLAM you are redirected to a search page you've never heard of and the "back" button won't work.
Backup and Save your business!
There you are busily typing away on your PC or yourLaptop, and all of a sudden the strangest thing happens.The screen goes black, extinquished like a candle in thewind.
Is Shopping Online For Your Horse Gifts Safe?
Shopping for horse gifts or other gift items on the internetis quick, convenient and is probably safer than you think.However, you still need to be aware that it is essential tovigorously protect your privacy and financial informationwhen making purchases online.
Corporate Security for Your Home Business
The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.
Internet Identity Theft - How You Can Shield Yourself
With the advent of the World Wide Web, a whole new breed of criminals have surfaced, posing threats to more than just our material assets, but also to our very identities. Although there are a number of effective methods for protecting yourself from internet identity theft, not everyone takes the necessary steps to initiate such a plan. By tightening up your own personal security measures, you'll be far safer when you go online, and much less likely to become just another victim in the world of cyber-theft.
Phishing - A High Tech Identity Theft With A Low Tech Solution
Have you ever got an email asking you to confirm your account information from a bank or a company that you have never done business with? The email looks official and it even has a link that appears to take you to the company's website. The email you have received is actually from an identity thief. These crooks are hoping people that have an account with the business will click on the link and submit their account information for verification purposes. These thieves are phishing for account information. Phishing is a sophisticated way to lure you to phony websites where you voluntarily surrender your passwords and account information to identity thieves without realizing it.
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around.
All About Computer Viruses
Your computer is as slow as molasses. Your mouse freezes every 15 minutes, and that Microsoft Word program just won't seem to open.
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking
Airport Menace: The Wireless Peeping Tom----------------------------------------As a network security consultant, I travel quite frequently. At times, it seems like the airport is my second home. I actually like to fly, it's a moment in time where no one can reach me by e-mail, or mobile phone.

© Athifea Distribution LLC - 2013