Social Engineering: Hacking Humans

We put so much effort into securing our systems. We enforce multi-factor authentication. We deploy WAFs. We mandate software updates. We constantly scan our code. We encrypt our communication and sensitive data. Researchers ensure that ciphers remain strong. Yet, we’re still getting hit. Facebook lost $99 million, Ubiquiti $39.1 million, Google $23 million, Toyota $37 million, the Government of Puerto Rico $2.6 million, and Belgian Bank Crelan $75.8 million. What is the common denominator in all these attacks? Social engineering. It is one of the most subtle yet potent set of techniques, often used by individuals or groups to exploit human weaknesses and gain access to systems and sensitive data. No organization or group is immune to this form of attack. Working in an IT company places us in the crossfire. On one hand, we have access to not only business data but also information that could be exploited to attack our organization. On the other hand, IT professionals themselves are well-positioned, making themselves potential targets of attacks. While it’s almost impossible to be fully protected against social engineering, it is vital to understand the possible vectors of attack. Various methods and psychological tricks can be used to compromise our security or that of our organization. So, let’s buckle up and take a small step toward becoming more secure.