Target, Home Depot, K-Mart. These are but a few of the organizations that have recently experienced large-scale breaches of their data security walls. In most cases, the breach occurred because someone within the organization succumbed to social engineering.
Target’s November 2013 disaster, which has cost them in excess of $160 million, is a case in point. It originated with a phishing attack sent to employees at an HVAC firm that Target did business with.
Social engineering takes advantage of people’s inclination to trust, so that they unknowingly commit an act that gives a hacker access behind a corporation’s firewall. The hacker deceives a person on the inside into planting a program, and can then just sit back and wait for the IP bonanza to come to them. It has become the most common method used by hackers to steal information.
No one is immune to a social engineering attack. The website social-engineer.org lists the results of a study that showed, among other statistics, that when phoned, 90% of people will provide not just the spelling of their names but also their email addresses, without confirming the identity of the caller. It also posts an infographic that illustrates the extent of social engineering attacks across a wide spectrum.
Education is the way to identify this insidious assault, so that it can be avoided in the future. Organizations should invest in ensuring that their employees, contractors and vendors understand the threat and are prepared for it.