Security threats Toolkit

Greatest security risk: Social engineering, says Gartner

Munir Kotadia ZDNet Australia

Published: 01 Nov 2004 08:39 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The greatest security risk facing large companies and individual Internet users over the next 10 years will be the increasingly sophisticated use of social engineering to bypass IT security defences, according to analyst firm Gartner.

Gartner defines social engineering as "the manipulation of people, rather than machines, to successfully breach the security systems of an enterprise or a consumer". This involves criminals persuading a user to click on a link or open an attachment that they probably know they shouldn't.

Rich Mogull, research director for information security and risk at Gartner, said social engineering is more of a problem than hacking.

"People, by nature, are unpredictable and susceptible to manipulation and persuasion. Studies show that humans have certain behavioural tendencies that can be exploited with careful manipulation.

"Many of the most-damaging security penetrations are, and will continue to be, due to social engineering, not electronic hacking or cracking," said Mogull.

According to Mogull, identity theft is a major concern because more criminals are "reinventing old scams" using new technology.

"Criminals are using social engineering to take the identity of someone either for profit, or to gather further information on an enterprise. This is not only a violation of the business, but of someone's personal privacy," said Mogull.

Rob Forsyth, managing director at Sophos in Australia and New Zealand, told ZDNet Australia about a 'malicious and cynical' scam that recently targeted unemployed Australians.

According to Forsyth, the potential victim received an email that purported to come from Credit Suisse bank advertising a job opportunity. The email asked the recipient to go to a Web site that was an almost exact replica of the actual Credit Suisse site -- but this version contained an application form for the 'vacancy'.

Forsyth said the replicated Web site was recreated so thoroughly that it took experts 'some time' to confirm that it was actually fake.

"It took us some time to determine it was a fake site. It was not necessarily groundbreaking but quite a clever combination of technology.

"They are targeting those people in the community that are most in need -- those seeking work. It is exactly those people that might be vulnerable to this kind of overture,” said Forsyth.

Gartner's Mogull said: "We believe social engineering is the single greatest security risk in the decade ahead."

ZDNet Australia's Munir Kotadia reported from Sydney. For more coverage from ZDNet Australia, click here.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
61 out of 152 people found this useful

Full Talkback thread


Company/Topic Alerts

Create a new alert from the list below:

Video icon


Sentry Posts Blog

Today’s Japanese Cell Phone Merger - N...

MobileTech Wireless Insight: Today’s Japanese Cell Phone Merger - NEC, Casio, and Hitachi Author: Eric Everson, “The MobileTech” As explored by The Wall Street Journal today, cell... More

Post a comment

Mozilla fixes bugs in Firefox 3.5 and...

Mozilla on Wednesday released two new versions of its browser, Firefox 3.5.3 and 3.0.14, that patch three critical security holes and fix assorted other bugs. The updates can be... More

Post a comment

MoD pays 150m for soldier tech

The Ministry of Defence has announced that it will pay contractor Thales 150m for the first wave of the Future Infantry Soldier Technology (Fist) programme. The money will pay for... More

1 comment

Skip Sub Navigation Links to CNET Brand Links


Become part of the ZDNet community.