…because it consistently works. There is no patch for the largest vulnerability of any network, which is an untrained user or even an experienced security professional who forgets, in the heat of the moment, to follow what they have been taught.
Path of Least Resistance
A malicious hacker knows he can spend hours, weeks, or even months trying to brute force his way to a password or make one phone call with the right pretext and perfect questions to get the same password and more in only a few minutes. An attacker can utilize dumpster diving, sift through open source information, talk to a disgruntled employee, or walk into a business as a delivery person in order to gain full access to a network. The role played by social engineering becomes greater as software products become more secure and harder to crack. In order to develop a plan to protect from such attacks you must understand what tactics a social engineer will use, how they will use them, and what methodology they will employ in their attack cycle.
On The Rise
Over the past several years, the incidents of social engineering tactics used in cases of fraud and data breaches have continued to increase. Reports released by industry leaders such as Sophos, Verizon Enterprises, and Kaspersky all indicate that social engineering tactics (phishing, vishing, and impersonation) are being used in conjunction with digital hacking methods to make attacks more effective and inevitability more profitable for the attackers. The only way to protect against these attacks is through training and creation of a security-minded culture within your organization. Attackers know most of the time an employee doesn’t realize they are doing something wrong or the value of the information they are disclosing, and it is that naivety that creates a perfect atmosphere for a breach.
One of Many
It is notable to mention that just because social engineering is becoming a common element of malicious attacks does not mean everyone can successfully pull it off. As this framework will outline, a successful social engineer will have many tools in their arsenals and many attack vectors at their fingertips.