People Hacking: the Art of Social Engineering

4062 Words17 Pages
People Hacking: The Art of Social Engineering

ABSTRACT

Social engineering is one of the most overlooked aspects of information security and yet it is the easiest way for someone – usually an employee - to gain access to restricted information on a computer network. Attacks can be either physical or psychological; each can be equally effective in acquiring confidential information. Methods used to get information can be either human- or computer-based, with different psychological reasons why each method works. Protecting against social engineers boils down to policies that guard against their attacks, but these policies must also be complemented with an effective security awareness program in order to be successful.
…show more content…
Even the focus of securing networks has moved from just intrusion detection to intrusion detection and prevention (Golomb, 2003). Although most companies have significant investments in physical security (security guards and laptop locks) and data security (IDS/IPS and firewalls), one of the biggest and yet most misunderstood threats is from internal sources.

INSIDERS VS. HACKERS

Studies have shown that the majority of all threats to a company are internal. This is where firewalls and IDS systems have little to no effect. This is also where management needs to focus on the employees instead of technology. Internal threats can be anything from a disgruntled employee selling corporate secrets to a secretary who has been given too much access to unneeded information. One survey, conducted by New York security firm Michael G. Kessler & Associates Ltd, discovered that "35 percent of the theft of proprietary information is perpetrated by discontented employees. Outside hackers steal secrets 28 percent of the time; other U.S. companies 18 percent; foreign corporations 11 percent and foreign governments, 8 percent" (Kessler, 2000).

THE COST OF COMPUTER CRIMES

In another study conducted by the Computer Security Institute and the FBI, it was shown that the rate of computer crimes is rising, along with the costs associated with such crimes. The findings stated, "Financial losses among 163 respondents totaled $124 million, which was

More about People Hacking: the Art of Social Engineering

Get Access