"Social Engineering:  Hacking the Human"

Despite the efforts of security professionals, information everywhere remains vulnerable and continues to be the primary target of malicious actors.  While enhancements are often made to technological defenses to protect information assets, the deployment of more technology has not solved the most exposed and susceptible aspect of the security problem—humans. 

 

With today’s attacker community constantly maturing and refining its approach capabilities, exploiting the human link to access proprietary information or penetrate the corporate network is becoming a more common and attractive attack vector.

 

The threat of a breech to your organization’s information systems may not seem real until it happens and in most cases an organization will never know when they were hit by a social engineer.  However, understanding the strategies, methods, and tactics of a social engineer to attack the confidentiality, integrity, and availability of information systems and networks will help you to proactively prepare, enhance, educate and deploy controls to safeguard your information assets.

Kyle Konopasek, CIA, CICA