Home > Articles > Security > Network Security >

Deploying Disney: How Social Engineers Take Advantage of Childhood Lessons

By Chris Nickerson
May 20, 2009

Article Contents

Page 1 of 5 Next >

Chris Nickerson

Learn more…

Deploying Disney: How Social Engineers Take Advantage of Childhood Lessons: May 20, 2009

Sorry, this author hasn't posted any blogs.

Like this article? We recommend
Cyber Crime Fighters: Tales from the Trenches

Security consultant Chris Nickerson points out that social engineers (the kind you hire as consultants) aren't evil; in fact, they want to help you prevent people from stealing your secrets. But longtime teaching from "Uncle Walt" and his many animated characters may make it easier for attackers to get at your mind.

People tend to believe that social engineering (SE) is an exercise in "BS-ing," or a way to trick users, but it's actually a distinct science. The founders of this science developed social engineering techniques in order to help people through difficult situations and change their world. The responsibility of the professional social engineer is to expose the weaknesses inherent in current corporate cultures—not to show off by proving that we can break through a company's security. The purpose of social engineering is to connect companies to the reality that risk lies everywhere, and that the company must protect its business and users from the harms that we all face.

Think of social engineering as being like healthcare coverage. Everyone is susceptible to disease and sickness, so companies provide healthcare benefits to keep employees and the business safe from the risks of illness. (For the business, those risks include loss of productivity, profit, and personnel.) Likewise, companies need to conduct social engineering tests and gain an understanding of how susceptible their information assets are to ever-growing threats.

The Level of Risk Is Rising

During the hard economic times that the U.S. has experienced in 2008 (and the likelihood of rougher times ahead), newer and more creative threats have bombarded business. The security market as a whole is undergoing a huge uptick in risk due to current socioeconomic conditions. More people are "turning to the dark side" and finding profit in ways that they might once have considered taboo. It reminds me of what Les Stroud from the TV show Survivorman says: "Normally, I would never do this, but when it's your only chance for survival, you do whatever it takes." Much of the American public is in survival mode, as highlighted by the recent news of attacks, exposure of massive-scale information-theft networks (Ghostnet), and even the ever-present Conficker worm. All of these events are indicators that more and more people are looking to information theft as a source of income.

This growing risk doesn't just come from increased monetary pressures or the sheer number of attackers peeking out of the woodwork—it also comes from the victims. Yep, that's right! And this is where social engineering comes into the picture.

Page 1 of 5 Next >

Discussions

Make a New Comment

You must log in in order to post a comment.

Related Resources

OnSecurity (Audio + Video)

Recent Episodes

OnNetworking (Audio + Video)

Recent Episodes

See More Podcasts

Out of Sight: By John Traenkenschuh on August 29, 2009 No Comments; Must data be live for you to Live?

Iraq and Afghanistan: By Shon Harris on June 19, 2009 No Comments; Iraq and Afghanistan – We Are Still There?

Great password information at a small price: By John Traenkenschuh on June 13, 2009 No Comments; Where can cash-strapped security pro's get great information on security basics??

See All Related Blogs