The human is fallible; your network is at risk

Social engineering can bring down any business network

By Georgina Enzer. Published August 9, 2013

Social engineering attacks, plus the risk from employees opening email attachments or links from an unknown source, are some of the highest risks to enterprise security, according to Giovanni Alberici, marketing architect at Trend Micro.

“There is no way to stop a human from being a human and human fallibility is what the security industry call the carbon layer of security — the fallible layer and with social engineering — cyber criminals are very smart and know how to manipulate people. They will research a company and create something you will likely click on and open,” said Alberici.

The initial breach is not sophisticated and social engineering is a good way of getting people to install your malware for you.

Advanced Persistent Threats are particularly dangerous to enterprises; an APT is not a one-hit shot. Typically, cyber criminals will break the hack down into quite a few stages, and the initial breach is not very complex because some enterprise IT security is not what it should be. One of the initial methods of gaining network access is using social engineering to get an employee to open an email attachment.

The email that launched the Stuxnet virus was trapped as spam, and an employee took it out of spam and opened the attachment. That is what started that breach, which was massively damaging for the company.

Top social engineering techniques

Social Networks: Sites like MySpace and Facebook are a virtual treasure trove of personal and corporate information. Hackers can even connect to the people behind these accounts to partly earn their trust.

Whaling: This variation on phishing involves stalking high-profile targets using both traditional phishing techniques as well as some internet-based investigative methods.

Phishing: The traditional phishing scam is a social engineering tactic. Convincing users that you’re a legitimate representative of their bank, so that they’ll click your link to your spoofed site, requires a lot of convincing power as well as technical know-how.
