Social Engineering is a security term that may be thrown around in corporate offices numerous times a week, month, or quarter, but does everyone at your company know what it really means?
Annual or even more frequent security training for employees is a common practice throughout most organizations, often in the hope that employees learn from past mistakes and that paying attention to these examples helps to prevent future threats. Social Engineering describes technical and physical attacks that use deception against a company, where the attackers hope to gain personally identifiable information (PII) or company secrets that users would not normally share. Many of these attacks are disguised in ways that can make them hard to detect, meaning most people do not know that the information they share actually ends up being used maliciously.
Social Engineering attacks could involve anything from Phishing and Vishing attacks to dumpster diving and shoulder surfing. Over the next few weeks we will look more closely at Social Engineering and its attack techniques, tactics and procedures (TTPs) in order to help you stop these types of attacks from preying on your company. Even though these attacks come in different variations, many can be prevented with training and familiarity with what to look for, potentially saving your company significant time and money while reducing your overall risk exposure.