Here’s a top tip from the cyber crime scene. Social engineering is the best way to steal from companies – and the softest targets happen to be the most lucrative, according to a new report.
The snooping industry is well ahead here. When private detectives want to track an absconder, for instance, it’s a lot easier to bung the local postmaster a sweetener in exchange for the ‘confidential’ forwarding address they left.
One of Britain’s first hackers, Steve Gold (who famously broke into Prince Philip’s account) always argued that social engineering was a far more effective method of robbing. If you want to steal from a company, befriend someone in the call centre. That’s a lot easier now that the call centres are manned by much poorer people, in remote areas that have no sympathy with the customer base. So well done to whoever came up with that scheme.
There’s a case to be made that many public sector IT contracts are social engineering outrages taken to their logical conclusion.
We should be indebted to security vendor Blue Coat then, for conducting research into security’s elephant in the room. But I'm not, because it didn’t confirm any of my prejudices. In fact, it makes quite painful reading, if you happen to fall into the wrong part of the Venn diagram of security liabilities.
According to the study, women are far more security conscious when socializing online than men. Around 52% configure their privacy settings, while only 36% of men pay any attention to this important detail.
It gets worse for the Camp Testosterone as the spotlight falls on us older specimens. Apparently we are more gullible and liable to leave the doors open to cyber confidence tricksters than any other group. In fact, Female Generation Z types are twice – twice! – as conscientious as the men of Generation Why oh Why.
However, thanks to the invidious old boy network and the glass ceiling, we’ve managed to grab all the prestigious positions in corporate Britain. (I must have missed the meeting when all the spoils were handed out).
So the cream of the company are the least secure and the last people that should be trusted to keep company secrets.
Men of a certain age can be a gateway into corporate systems, according to Hugh Thompson, chief technical officer at Blue Coat.
“As they reveal more about themselves on social media, they become more knowable, which exposes them to higher risk of social engineering,” says Thompson.
As the seriousness and complexity of threats grow, businesses need to employ security measures, including training, that take our terrible behaviour into account, he argues.
“It’s no surprise that females are wary about security when you consider their online lives - they are showered with unwanted, often aggressive attention simply because of the sheer number of lonely men on Tinder, Instagram, Facebook, YouTube and Snapchat,” says Ash Patel, Cobweb’s director of business transformation. (Hang on, has he been snooping on me?)
The MySpace generation of social media was too new and exciting for anyone to care about safety. Generation Z arguably has grown up with these lessons already learned and security becomes second nature. Even the apps, like Snapchat, are adapting.
There must be a channel sales opportunity there, surely. This calls for some (high margin) security training courses. Only one fifth of those surveyed have actually had any security training.
Francois Amigorena, CEO of security software company IS Decisions, says passwords are a good place to start. “Passwords are like underwear, you should change them often and never show them to anyone else,” he says.
Targeting men might be a good hook, but it’s folly to generalize, says Paul Ducklin, Sophos’s senior security advisor. Trusting in demographic surveys in computer security is a risk in itself, according to Ducklin. Pronouncing that cohort X puts the company more at risk than cohort Y is appealing, but be careful of overreaching to the conclusion that cohort Y is great at computer security and cohort X is not.
“If someone, middle-aged male or not, overtakes you on the motorway when you're already doing 90mph, you're still speeding too,” says Ducklin. “We can all lift our computer security game a bit, and we'll all benefit - and that's your best kind of altruism, because it benefits everyone.”
Come to think of it, even the most secure group, Female Generation Z, still had 48% of the sample who were oblivious to privacy settings. So we’re all easy targets for the scammers.