Social engineering is the act of exploiting human behavior or psychology in order to gain access to an organization. This can range from a seemingly innocuous phone call to an employee to a more complex method, like a spear phishing attack. Social engineering is recognized as one of the greatest security threats facing organizations.
How is Social Engineering used?
There are numerous ways that social engineering can be used to gain unauthorized access to an organization, such as phone calls, phishing emails, tailgating (following employees through doors that would otherwise require some form of authentication), and impersonation (either online or in person). All of these methods are highly effective when executed correctly and can be a critical first point of contact for an attacker attempting to gain access to a business's system.
How can it hurt my business?
If a hacker is given in-person access to an organization's network, there are numerous ways in which they can cause damage to your business. A hacker's dream is acquiring access to an organization's server room, because this gives the hacker easy access to information by plugging a device directly into the network, or the chance to simply cause havoc by unplugging cords and switching cables.
The possibilities are virtually endless. In the case of an online social engineering attack, credentials gained via phishing can be used to infiltrate the internal network of the business and gather valuable data while impersonating the employee.
SOCIAL ENGINEERING STATISTICS
- Professional services firms had the highest percentage of social engineering breaches, followed by financial institutions and higher education organisations.
- The world of Big Data and the Internet of Things could see the number of smart devices increase from 2 billion in 2006 to a projected 200 billion by 2020, according to Intel.
- According to the 2017 Annual Cybercrime Report from Cybersecurity Ventures, cybercrime could cost USD $6 trillion annually by 2021, double the USD $3 trillion seen in 2015.