As Mark Twain once waggishly observed, “There is a great deal of human nature in people,” which means that any organization with people on the payroll faces myriad cybersecurity risks posed by social
The term ‘social engineering’ covers a multitude of deceptive attacks, from the all-too-familiar phishing, spear phishing and whaling hacks, to less publicized but equally destructive ploys, such as:

Pretexting: attackers invent and exploit a false scenario to establish legitimacy, then trick the target into taking an action or revealing information they ordinarily would not; pretexting works because scammers often impersonate authority figures, such as police officers, bank executives, tax authorities and even clergy.

Baiting: the MO in this scheme includes planting malware-infected thumb drives or other physical media in public places and counting on people’s natural inquisitiveness to load it on a computer and check it out.

Quid pro quo (from Latin, meaning “something for something”): QPQ attackers call a company’s employees at random, ostensibly to help with an IT issue that ‘someone there called in.’ Eventually, the crook connects with someone who actually needs IT support and talks them into giving over login or other
So Why Are People Such
Basically, because we just can’t help being who we are, according to independent consultant and sociologist Dr. Jessica Barker. “Whether online or not, people fall for social engineering because attacks take advantage of human nature,” says Barker. Scammers understand how people think and act, and know that most will follow social and cultural norms and do what is expected (such as complying with instructions seemingly emailed from a superior or strategic partner). Traits that make people most susceptible, according to Barker, include being:
Curious: “Humanity is innately curious,” which is why we find clever click-bait titles, engaging images and emails that sound like they kinda-sorta-may be legit just alluring enough to merit a click.

Trusting: because most people see themselves as generally good and inherently trustworthy, they can innocently forget that others will act maliciously. Online, this naivety often moves people to follow a link (or several) without considering the cybersecurity implications.

Narcissistic: narcissism includes a craving for admiration, which may help explain why so many social media users, especially younger ones, constantly seek more followers and publicly share reams of detailed, highly personal information. This practice positions Facebook and other popular platforms as the ideal breeding ground for ‘catfishing’ and other socially engineered attacks.
To effectively mitigate social engineering threats, business leaders must create a robust cybersecurity culture that not only raises employee awareness, but, through ongoing education and training, encourages a ‘question everything’ or ‘think-before-you-click’ mentality that helps workers avoid accidentally exposing sensitive information. Work with us to review and update your IT security policies.