Social engineering is an old-fashioned manipulation technique used to persuade or convince the user to divulge the required information, which can lead to a security lapse. All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases*. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques. Though not new, social engineering has become a more complex and global problem than ever.
Fraudsters around the world share common goals: a) fraud, b) network intrusion, c) industrial surveillance/espionage, d) identity theft. The aim of a security expert is to protect the computer system from unwanted attacks by fraudsters and hackers. By employing different security mechanisms one can protect against these unauthorized entries. Most organizations rely solely on high-flying technologies worth millions of dollars, but they fail to notice that every computer system on earth is somehow related to humans, who are the most vulnerable to attacks. While new technology may reduce the risk of hacker attacks, it's not a silver bullet. If the goal is to protect the network, one just cannot rely on technology alone.
Whether it is the security of a system or something else, it is based on trust. To trust is human nature, but it is probably the biggest weakness. Social engineers take advantage of this human characteristic and manipulate people's minds to crack the system. Social engineering can happen anywhere. It can happen in chat rooms, when you travel on the metro, when you are sitting with a colleague in a restaurant discussing some important business matter, via email, or any time a user gets in touch with another person.
Social engineering methods** can broadly be classified as physical and psychological.
Physical methods are:
- Dumpster diving.
- Physical intrusion or eavesdropping.
Whereas psychological methods are:
- Via phone.
- On-line method.
- Persuasion.
- Reverse social engineering.
- Phishing.
- Vishing.
More and more social engineering crimes are reported daily at various locations. The mistake most corporations make is to devise strategies only to prevent physical attacks, while ignoring the more threatening psychological strikes. There is a strong need to develop and implement turnkey security policies to combat all types of security breaches.
* Cognitive bias is a broad term for all distortions in the human mind that are hard to avoid and that lead to a perception, judgment, or reliability that deviates systematically, involuntarily, and rather distinctly from "reality". For example, illusion of control: the tendency for human beings to believe they can control or at least influence outcomes which they clearly cannot.
** Compiled from different documents and personal lecture notes.
Submitted By:
Dr Nikhil Agarwal