Trust nothing, question everything: Social engineering and the insider threat

Social engineering (in the context of information security): The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

The greatest concern for the 580 information security professionals that responded to the 2017 Black Hat USA survey was the threat around phishing and social engineering (50%, up from 46% in 2016).

Coupled with the fact that the same respondents felt the weakest link in defences was end users being easily fooled by social engineering attacks (38%, up from 28%) this should come as little surprise to security professionals. But these figures may help them to gain that C-suite-level buy-in when trying to develop an efficient and, more importantly, relevant security education and awareness package for their organisation’s personnel.

Social Engineering became a familiar information security term to me when I was reading The Art of Deception by Kevin Mitnick. However, Social Engineering had been exploiting weaknesses in human nature for many years prior.

Read the whole cool article here.

Source: IFSEC GLOBAL

Topics: Social Engineering, spear phishing attack, The Art of Deception, cybersecurity expert, keynote speaker, security awareness training, security education, malware, Trojan, phishing, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

How Long Will It Take To Recoup From a Data Breach?

While many think of the steps needed to avoid a data breach, it’s equally important to think about the steps your business would need to take in the w..

Read more ›

Ransomware Attacks: Trends and Most Targeted Industries

With the rise of worldwide ransomware attacks, 2024 is the perfect time to understand why these current cyber threats are happening and how to safegua..

Read more ›

New SEC Regulations Regarding Data Breaches

On December 18, 2023, the Securities and Exchange Commission (SEC) introduced new regulations for organizations regarding response procedures in the e..

Read more ›
tech-texture-bg