Social engineering is a hacking method that tricks unsuspecting users into sharing information or completing a desired action, such as clicking on a link or downloading a file, that helps the hacker gain access to a network. Social engineering is not necessarily limited to the cyber world — think of the scams where thieves call individuals to have them verify personal information or send money — but it probably is the most prevalent online because of the sheer volume of online interactions that occur each day. An individual might see a weird phone call as a red flag, but a prompt to click on a link or even enter a password can seem more commonplace. This trust gives hackers the opportunity to infiltrate a company’s network.
According to Norton, hackers use a variety of social engineering tactics to trick users, including:
- Spearphishing, which involves masquerading as a trusted source and sending an email to victims asking them to click on a link or enter some information
- Baiting, or leaving a malicious USB with a virus and an enticing outer label in an office to tempt someone into plugging it into a computer
- Email hacking and contact spamming, or breaking into a user’s account and spamming his or her contacts with a malicious email
Once hackers have the access they need, they can join a company’s network and launch an attack from the inside. Approximately 60 percent of attacks happen from inside a company’s network, according to IBM’s 2016 “Cyber Security Intelligence Index.” Of these, three-quarters are committed by malicious insiders while the remaining quarter is facilitated by unsuspecting users who fell for a social engineering tactic.
To protect their companies, IS professionals need to train their coworkers about cyber security and the dangers of social engineering. By teaching people to recognize the most common tactics and to speak up if they see something fishy going on, IS professionals can protect their companies from getting duped by hackers.
Taking this even further, IS professionals need to out-engineer these social engineers by understanding their motives and strategies and staying one step ahead. Cyber Security Dallas keynote speaker Brett Johnson, former U.S. most wanted cybercriminal turned security consultant and public speaker, will show attendees how cybercriminals commit synthetic fraud, business email compromise, account takeovers and more. The “Original Internet Godfather” also will give attendees tips about protecting themselves and their companies from similar attacks. Don’t miss “Criminal Perspectives: Former US Most Wanted Cybercriminal Brett Johnson Discusses His History of Cybercrime, Its Current State, and Where It’s Going,” on Thursday, Nov. 1 from 9:30 to 10:00 a.m. at Cyber Security Dallas.
Cyber Security Dallas will take place Oct. 31-Nov. 1 at the Gaylord Texan Resort & Convention Center in Grapevine, Texas. Ticket info can be found here