Wednesday, July 2, 2008

Thoughts on Social Engineering

The article at the end of this post underlines a threat that a lot of people forget about: social engineering.

A social engineer is just another name for a con man. Social engineering takes advantage of the human element, which is the weakest part of any security plan. Since human beings are social critters, they have a tendency to be helpful because it's much easier to get along in society when you're helpful. It tends to be more difficult to get along in society if you have a reputation for being a roadblock. That's just the way the system works.

Just like hackers who exploit electronic systems, social engineers observe the normal behavior and protocols of their target social system. Once they have a solid understanding of the system, social engineers try to use the social system in an unexpected manner to get what they want. For example, they dress up as a tech support technician, drop a few senior executive names, walk into a building and start stealing laptops. This attack is analogous to a Trojan horse email attachment.

I think one of the biggest challenges we face in social engineering defense is that we take for granted the benefits civilization affords us all. Living in a community provides tremendous value to all its participants. When we fail to understand that value, we don't afford the system sufficient protection. Additionally, a large portion of society's standard protocols are based on unverified trust, which makes a social engineer's job even easier. Furthermore, since we live in this system every day, it is incredibly difficult to step back and make an objective analysis of the situation.

Given the combination of all these factors, it is little wonder that social engineering is so successful.

Now, if you'll excuse me, I'm going to crawl under my desk and whimper quietly to myself for a few minutes.


Cracking Physical Identity Theft - Desktop Security News Analysis - Dark Reading


