You may have heard of the concept of social engineering. It is the worst nightmare for cybersecurity professionals and IT administrators. Why? IT professionals can’t protect themselves against social engineering.
Social engineering isn’t just an IT problem anymore. The world has seen large-scale social engineering attacks on social media in the last five years. Experts are sounding alarms, but this is a problem that has no easy solution. Although security awareness training and technical cybersecurity courses may help some, it’s still a major problem.
Let’s discuss social engineering. What is it? And why is it so effective?
What is Social Engineering?
Social engineering refers to manipulating people or groups of people to perform a desired action.
This is a very clean definition of social engineering. What does this mean?
Let’s say you and your friends want to go out for dinner. Your friends all want to go to an Italian restaurant. But you don’t like Italian food. Your friends are smart, but you convince them to go to a gastropub for hamburgers instead.
Although this is a simple example of social engineering, it still illustrates the concept. You convinced your friends (or adversaries in this case) to perform an action they didn’t want to perform.
Social engineering is not new. Historians have discovered examples of social engineering attacks that date back thousands of years. Social engineering is still a major problem today.
Why is this?
Social engineering attacks are often highly targeted. Attackers will target specific individuals who can act in the attacker’s favor or have the information the attacker needs. Social engineering has become a common attack vector due to the rise of large-scale digital communication as well as social media.
Social engineering is now more dangerous and efficient than ever. Today, social engineers can launch campaigns against entire countries or large groups of people.
An Overview of Social Engineering [VIDEO]
Keith Barker explains some of the social engineering tactics and techniques that hostile actors use in this video. Social engineering doesn’t just involve stealing data and stealing money. It can also be used to compromise the thoughts of a group. The consequences of an attacker or group manipulating the thoughts and minds of millions or even hundreds of millions of people could be catastrophic.
What is Social Engineering used for?
Social engineering is used to convince people to do something they wouldn’t normally do, or to obtain the information the attacker requires. That is a broad definition, but it covers what social engineering is used for.
IT professionals hate social engineering. It is the one vector that administrators cannot control in IT. A system can only be as strong as its weakest link. The people who run computer systems are often the weakest link.
Many of the hacks you see in the media were launched using social engineering attacks. A social engineering attack was the catalyst for one of the most severe crypto-malware attacks on a steel company in 2019. The attackers used an Excel document to deliver a malicious payload to a targeted employee of the steel company. Although we’re all told not to click links or open files in emails, what if the Excel document comes from a business contact at a vendor that your company works with? What if you had just spoken to that business contact and were expecting the Excel document in your email? You would open that email, and that is exactly what happened.
Kevin M. is another example.