Combating Threat From Social Engineering

The topic I chose to do my analysis on concerning organizational issues related to Internet technologies and network security is a new and emerging threat to companies called ransomware. On 23 January, 2017, the Guardian (https://www.theguardian.com/books/2017/jan/23/ransomware-attack-paralyses-st-louis-libraries-as-hackers-demand-bitcoins?CMP=twt_books_b-gdnbooks) published an article that over 700 computers in St Louis had been infected with ransomware, and that the city was deciding how to deal with this threat.

In today’s IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution.

According to Mitnick, social engineering in information security simply means the psychological manipulation of people so as to divulge confidential information. It involves some kind of confidence trick with the aim of gathering information, committing fraud or getting access to the system . This is very different for the traditional conning but is one of the processes that the social engineering process that is more complex.

Reconnaissance – Attackers may depend on social engineering to gain information, access, and data to a companies inner-working; This include finding out policies, office building security protocols; even dumpster diving for any information that could be used to initiate a scanning procedure. Counter measures for these methods include, enforcing employees to comply with security policies, constantly train employees in the methods of social engineering by attackers; this includes over the phone conversations subjecting an employee into disclosing any type of company information, no matter how innocent the information may seem (an alternative excuse for employees is to refer to company’s website), installation of security cameras, and use

Social Engineering is the hardest form of attack to defend against because it cannot be defended with hardware or software alone.

In this day and age, where information is the new currency on the block, criminals are on the rise to acquire this information. The book highlights the different techniques and attacks of the social engineer and how easily we are persuaded into thinking that technology has secured us from these attacks. He shows these through a variety of stories that have actually happened as indications of our negligence to these attacks, but as well points out ways that we can protect ourselves from these attacks and become less victimized by the social engineer. He gets us to look through

Social Engineering from the outset may seem like a topic one might hear when talking about sociology or psychology, when in fact it is a form of identity theft. To an information technology (IT) professional, Social Engineering is a form of voluntary, unintentional identity theft. Many victims fail to realize they are being victimized until it is too late, while many others may never know. This paper will provide a definition of social

An ordinary social engineer would be interested in finding various exploits in order to accomplish his goal. In the process, he will friendly interact with human and tries to extract or compromise information as a result. One strategy that a social engineering would use is to find a way to infiltrate the targeted community. For this he needs to dress properly and adopts some respectable and unsuspicious behavior vis-a-vis of the target. The hacker may play a diverse roles and on the occasion supply credential in such a way to establish legitimacy in the mind of the victim. Before the victim realizes, the attacker would have already sunk all the needs information from the victim.

Social engineering is often referred to as a technique a person, through use of deception, uses to gain trust and to fool a person into providing information that he/she would not typically freely give for the use of malicious intent. However, some would argue this definition should be broadened to include that it may or may not be for malicious intent, as some professions use social engineering for testing security measures (Hadnagy, 2011). For the remainder of the paper social engineering is in reference to as one with malicious intent.

The survey went out to 5412 security practitioners and 351 experts returned the surveys (Richardson, 2011). The survey participants are people that have either attended a CSI event or have an interest in security and are concerned with making improvements to security. The survey is an anonymous questionnaire that provides information about what security specialists are facing in the industry. The responses come from specialists within from various different types of groups within the private and public

Social Engineering as defined by IT professionals is the practice of deceiving someone, either in person, over the phone or using a computer, with the express intent of breaching some level of security, either personal or professional (Ledford, 2011.) Implementing quality risk analysis solutions while maintaining data integrity is a crucial element of successful system modeling; within the context of social engineering in the workplace, there are several factors that can make implementing those solutions rather challenging. Social engineering is a type of

Over the last few years, there is one factor that has been prevalent in the majority of data security breaches. It is the manipulation of the organizations employee’s into providing the hacker the private or confidential information without realizing it. The use of social engineering, and fraud in data breaches has been steadily increasing over the last few years. It is the job of a security professional to ensure that network data remains confidential, has integrity, and is available. All three of which can be compromised by the risk of social engineering.

Both the government and the private sector have been aware of the threat social engineering poses to information security since the 1980s, but it has only gained public notoriety within the last decade. Still, while today 's corporations may be prepared for a raid by anonymous cyber-terrorists striking from overseas, they continue to turn a blind eye to the dangers of socially engineered attacks. Thanks to a combination of corporate oversight and poor employee training, hackers with zero coding knowledge are able to penetrate their secured buildings and wreak havoc. In order to combat this vulnerability, the Department of Homeland Security should take an active role in the operational security of major American businesses through extensive auditing and employee training.

Information Security requires internal controls to protect confidential information from external intruders and internal intruders from unauthorized access to the information. The purpose and scope of this project is to address how businesses can use internal control techniques to protect employee, customer, and business information from unauthorized intruders. Internal controls determine how information can be accessed and used, as well as, by whom.

It is the manipulation of people through deception, lies, fabricated story and tricks. They influence and persuade people to obtain information with or without the use of technology. Social engineering is a powerful tool used by cyber criminals’ especially on seniors because of their level of trust.