Home
Bookmark this page | Contact Us

Social Engineering - The Real E-Terrorism?


One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL's network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker's part.

The above is a true story and it is an excellent example of one of the biggest threats to an organisation's security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.

Examples of techniques employed by hackers include:

  • Unobtrusively observing over your shoulder as you key in your password or PIN.

  • Calling helpdesks with questions or being overly friendly

  • Pretending to be someone in authority.

Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.

By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.

  • Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.

  • Conduct regular security awareness training so that all staff are kept up to date with security related issues.

  • Implement a formal incident reporting mechanism for all security related incidents to ensure there is a rapid response to any breaches.

  • Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.

  • Put an information classification system in place to protect sensitive information.

Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.

About The Author

Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.

www.a2solutions.co.uk, raylward@a2solutions.co.uk

MORE RESOURCES:
Anti-Government Protesters Rally in Bangkok - Voice of America

Times Online
Anti-Government Protesters Rally in Bangkok
Voice of America
A few thousand protesters rallied outside of the headquarters of the Thai military unit in charge of national security. Weng Tojirakarn is one of the ...
Bangkok on alert ahead of rallyAljazeera.net
Security beefed up at Thai Gov't HouseXinhua
Thailand braces for 'red shirt' protestsBBC News
Reuters -euronews -VOVNews.vn
all 579 news articles »

Guard to be disciplined for Newark airport breach - The Associated Press

NJ.com
Guard to be disciplined for Newark airport breach
The Associated Press
NEWARK, NJ — Officials will discipline, but won't fire, a New Jersey airport guard who briefly left his post, triggering a security breach that delayed ...
Guard to be disciplined for Newark airport breachAsbury Park Press
Discipline for guardin airport breachNorthJersey.com
Guilty Plea in Newark Security BreachSmarterTravel.com (blog)
NJ.com
all 140 news articles »

'JihadJane' shows why we need equal-opportunity security checks - Washington Post

The Guardian
'JihadJane' shows why we need equal-opportunity security checks
Washington Post
It took the case of "JihadJane" to illuminate what should have been obvious by now: Anyone who claims to be able to identify a potential ...
Blogs Expose Jihad Jane as National Security ThreatDallas Blog (blog)
NYPD Intel: Jihad Jane in New York terror melodramaExaminer.com

all 2,079 news articles »

Fallout: Metro replaces tunnel security firm after girl's beating - Seattle Post Intelligencer

KOMO News
Fallout: Metro replaces tunnel security firm after girl's beating
Seattle Post Intelligencer
King County Metro Transit has hired a new private security firm for the Downtown Transit Tunnel in an attempt to restore the public's ...
Metro hires new security firm for downtown tunnelSeattle Post Intelligencer (blog)
New security force to patrol Seattle Transit tunnelNorthwest Cable News
New Security Firm Hired To Patrol Bus TunnelKIRO Seattle
KOMO News -Seattle Times
all 7 news articles »

The truth about Social Security payments - Zanesville Times Recorder

Marketplace (blog)
The truth about Social Security payments
Zanesville Times Recorder
If your payment was raised from $96.40 per month, it was because you do not draw a Social Security check. I draw a pension but not Social Security, ...
Social Security benefits may be taxable incomeTulsa World
Reader Views on Social SecurityThe Tennessean
Social Security to start cashing Uncle Sam's IOUsABC15.com (KNXV-TV)
10TV -Marketplace (blog) -JD Supra (press release)
all 52 news articles »

Feds: TSA Worker Tried to Sabotage Terror Database - Wired News

TopNews United Kingdom (blog)
Feds: TSA Worker Tried to Sabotage Terror Database
Wired News
A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a ...
US Transport Security Administration worker charged with data tamperingComputerWeekly.com
Man charged over bid to damage US security databaseReuters
Former TSA Worker Charged With HackingInformationWeek
eWeek -Register -UPI.com
all 62 news articles »

TBS Casts Actresses for "Security" Drama Pilot - ABC News

TBS Casts Actresses for "Security" Drama Pilot
ABC News
LOS ANGELES (Hollywood Reporter) - TBS has cast Constance Zimmer and Kat Foster as the leads in its drama pilot "In Security. ...

and more »

Department of Employment Security not "reauthorized" - WLOX

Department of Employment Security not "reauthorized"
WLOX
... Mississippians could be affected by the house's decision to not pass a bill that would reauthorize the state's Department of Employment Security. ...
Governor pressured by growing jobless rateJackson Clarion Ledger
Miss. dems fight back - blame Barbour for not taking stimulus $ killing ...Yall Politics (blog)
Miss. jobless rates at 12 percentWXVT
BusinessWeek -Jackson Clarion Ledger -Jackson Clarion Ledger
all 118 news articles »

Security guard shot outside Hempstead bar dies - Newsday (subscription)

Security guard shot outside Hempstead bar dies
Newsday (subscription)
The security guard shot in the head last week outside a Hempstead bar has died, Nassau County police said Thursday. David Nestor Moreno, 22, was pronounced ...

and more »

China Security shares drop on new stock offer - BusinessWeek

China Security shares drop on new stock offer
BusinessWeek
US-traded shares of China Security & Surveillance Technology Inc. fell Thursday after the security and surveillance company said it will sell 20 million new ...
China Security & Surveillance Technology, Inc. Announces Public Offering of ...PR-CANADA.net (press release)

all 9 news articles »

Google News

 RELATED ARTICLES
Mail Forwarding - Why Would You Do It?
First of all we need to get some terms stated. I have been in the business for just over two years and there is still some confusion over the topic.
How To Give Away Your Personal Information
Identity Theft and Your Personal Information -------------------------------------------- Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information.
Spyware, This Time Its Personal!
First the basic definition of Spyware: It is a type of software which is installed onto your computer without your permission..
Protecting Your Children On The Internet
If you are a parent, as am I, I think we can agree there is little else more important than keeping our children safe and protected. It's difficult enough keeping them safe from the unscrupulous people we read about in the news, but dealing with children and the Internet takes it to a completely new level.
Internet Scams: Dont be a Victim
As the number of people using the Internet as an integral part of their daily life grows, it is inevitable that the number of Internet Scams will grow. Unfortunately there are many forms of scams but in this article we will look at three of the most prominent.
Adware and Spyware: The Problems and Their Solutions
The Threat10 years ago you could probably have run no Internet security applications and still have come out after a browse of the Internet with a virus and malware free computer, but this situation is no longer apparent. Several years ago, before I knew of the dangers of the Internet, I had absolutely no spyware or adware protection.
Remove Rogue Desktop Icons Created By Spyware
If you have used a Windows machine for a while, whether it's Windows XP, Windows 2000, or Windows 98, you're sure to have noticed desktop icons appearing from out of nowhere. How can icons mysteriously emerge on your Windows desktop?1.
How to Fight Spyware
If you are wondering how to fight spyware for safe web surfing, this Internet privacy article will answer some of your questions. By now you have probably heard about the dangers of spyware.
Phishing and Pharming: Dangerous Scams
As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming.
Be Alert! Others Can Catch Your Money Easily!
So called phishers try to catch the information about the account numbers and passwords of internet users. They deceive people with faked emails and websites that resembles exactly the originals of well known banks or electronic payment systems.
Spyware, What It Is, What It Does, And How To Stop It
Spyware is software that runs on a personal computer without the knowledge or consent of the owner of that computer. The Spyware then collects personal information about the user or users of the infected computer.
Phishing-Based Scams: A Couple of New Ones
Phishing in its "classic" variant is relatively well-known. Actually, 43.
New Mass Mailing Spamming Internet Trojan for the Windows Platform
May. 16th 2005 - MicroWorld has reported the discovery of Troj/Sober-Q, which is a mass mailing spamming internet Trojan for the Windows platform.
With the Rise of Internet Crimes, Users are Turning to High-Tech "PI's" for Solutions
High-tech private investigators are becoming the answer for many Internet users who have been victimized online. The use of e-mail by that unethical element lurking in cyberspace rings all too common these days.
Steganography - The Art Of Deception & Concealment
The Message Must Get Through ----------------------------- The year is 300A.D.
The One Critical Piece Of Free Software Thats Been Overlooked
Can You Prevent Spyware, Worms, Trojans, Viruses, ..
The Move to a New Anti-Virus Model
This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.Reason #1: the Basic ModelAnti-virus software vendors still rely on yesterday's methods for solving today's problems: they wait for the next virus to wreak havoc and then produce a solution.
The Importance of Protecting Your PC from Viruses and Spam
Today the internet is a mine field of malicious code looking to harm your computer. Hackers want to have access to your PC for both fun and profit.
How To Be Your Own Secret Service Agency
So you want to know who your kids are chatting with. Or if your spouse has a blossoming e-mail romance.
Dont be a Dork - Protect Yourself
There are folks out there who use their powers for evil, not good. Let's not give them the opportunity to sneak into our lives and wreak havoc.



Home | Sitemap | About the site | Privacy policy | Contact Us


© 2009 Info-Feed.com. All Rights Reserved