Social engineering
The fith tip in our series "How to assess and mitigate information security threats."
Social engineering is the practice of deceiving legitimate users of a system into disclosing information that will aid the attacker in compromising system security. A simple example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares she uses, what her password is.
How to improve your cyber security with security analytics
Download this e-guide to read how many firms are looking to security analytics to keep abreast of the ever-evolving world of cyber threats. With traditional approaches to cyber security proving less effective against increasingly sophisticated and automated cyber-attacks, security analytics may well be your knight in shining armour.
A successful social engineering act requires the trust of the victim, so user awareness training about the problem is an effective countermeasure. Strict policies about service desk staff never asking for personally identifying information or passwords over the phone or in person can also help potential victims recognize a social engineering attempt.
How to Assess and Mitigate Information Security Threats
Introduction
This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.
Read more on IT risk management
-
Hacking the internet of things just got easier – it’s time to look at your security
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
Start the conversation
0 comments