Internet usage is growing dramatically, but the vast majority of internet users don’t have any security background. Nor do a large majority of companies care about information security or the severity of any attack that could harm their valuable assets, and they don’t give their employees security awareness sessions either. For these reasons, humans are the weakest link in the information security chain. The act of manipulating humans to access sensitive information is called "Social Engineering".
"Bad Guys" have figured out that by manipulating or tricking the human element, they gain easy access to the information they seek. A very clear example of this is a random phone call to a large corporation. The innocent receptionist answers the phone. The caller identifies himself as someone from Tech Support who is checking the system and needs passwords in order to do that. The receptionist, never suspecting a thing and wanting to be cooperative and a good employee, grants the request. Thus, the sky's the limit! Access to all kinds of private, personal and sensitive information is achieved. This is known as "phishing".
Another form of "Social Engineering" is called "Tailgating". How many times have you entered through a secured door when someone rushed in with you? This happens more often than you may think, and this is "tailgating". Many "hackers" already know how to get information... they just need access to it, right? Walking into a secured building is sometimes all it takes for the "Bad Guys" to acquire the information they seek.
So, why aren't more companies educating their personnel in these critical areas, and shoring up the "weak link" in their organizations? The answer is a mystery, except to say that perhaps we get so caught up in “what’s new” that we lose sight of the importance of “what’s practical.” The coolest new digital hacks are interesting, but when it comes to information security, the longevity and popularity of attacks relevant to your industry are what build awareness campaigns.
The hacks at Sony, Experian, and Morgan Chase are all believed to have resulted from a Social Engineering assault. The damage caused by these compromises included direct financial losses to companies’ bank accounts, financial losses in terms of trust and business lost, financial losses in the form of paying for identity/credit protection for employees or customers whose records were stolen, physical damage to industrial equipment, physical damage to hardware and digital architecture, and psychological losses in the form of trust lost or embarrassment to individuals or companies. The list could go on, but I think you get the point.
We at Alcala Consulting have our own Security Expert on staff, ready to answer any questions you may have. We also regularly conduct security workshops, here in our office as well as at outside corporate locations, in an effort to educate businesses and the public about this growing problem.
Contact us at 626-449-5549 for more information, or to schedule a workshop for your company.