Here’s a sobering realization: You can have the most sophisticated computer security in the world and it won’t always protect you. Everything you rely on to keep your confidential data secure can be accidentally undone by one employee—in a matter of seconds. That’s because hackers, more and more, are attacking the weakest link in your cybersecurity—your end users. It’s called social engineering. And it’s a serious problem.
It’s not new. This form of attack has been around longer than computers themselves, but as networks have become harder to break into manually, it’s seen a huge resurgence.
What does social engineering look like?
It can take many forms. It relies on your end users’ carelessness, lack of awareness and sometimes their human kindness to get information that helps hackers sneak into your networks or even your physical location.
Here’s one common tactic: An everyday user is home on a well-deserved day off. They get a call from the office. The caller ID says it’s John from IT. He tells the employee that he needs to update the security features on their computer. The update takes all day to install, so it’s best to do it while they are out. He just needs their credentials to sign in to the machine and start the updates. It sounds innocent enough, except that wasn’t John, and now a hacker has credentials and an access point into your network. And that’s just the start.
How do you protect your organization?
The largest hurdle to overcome is a general lack of awareness. Most employees just don’t have a good understanding of how and why they might be targeted. For example, more than two billion mobile apps designed to steal personal data have been willingly downloaded.