Social engineering training helps prevent attacks

Social engineering training helps prevent attacks

Tags:   botnet  information security training  Security Awareness Training and Internal Threats

By Brian C. Sears | Jun 29, 2009

Social engineering has become such an integrated part of our lives that it is accepted without question. Its over usage has made it an easy tool for attackers. It has led to the creation of botnets, which feed on controlling social behavior to spread more malware and steal sensitive information.

From the day we are born, social engineering affects our lives in both negative and positive ways. Humans want to be liked and accepted by others. At the root of this is our emotions, which leave us open to suggestion and manipulation by others. And the bad guys have done a terrific job at adapting social engineering as a means to effectively gain access to information and systems they would otherwise be denied. These social engineering attacks come in variety of different forms but almost always relate to current events. A good example of this is email spam designed to take advantage of the economy in the form of "get rich quick" or "work from home" schemes.

It is our emotions and predictable behavior that allow it to be possible for the creators of viruses and botnets like Conficker to be so successful. Conficker took social engineering one step further by implying that a major event would take place on April 1. The media's coverage of the impending event resulted in an overreaction and played on the public's fear that somehow we were powerless to stop it. How did this benefit Conficker? As humans we are drawn into the hype of an event and then disappointed when it doesn't occur, we then tend to doubt future events. Leading up to April 1st the national media's reports ran around the clock. All reporting ceased after a major April 1 event failed to occur, even though as of June 2009, Conficker was still active and infecting an estimated 50,000 computers every day.

This social engineering move on the part of Conficker, whether by design or by accident, created an environment from which it can continue to evolve and infect new hosts. Most people will discount future warnings as unfounded hype. With social engineering so firmly established in our daily lives, it is not a surprise that most of us fail to address it as a security concern. We have become so desensitized to the concept from over usage that most people can't tell when it's happening to them.

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
Merging SIM and IAM systems
DNSSEC predictions optimistic
WhiteHat Security reveals top 10 Web hacking techniques
Social networking sites are phishing traps
RSA conference tackles social networking

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS