Weakest Link In The Information Security Awareness Chain?!?

Answer of this question is simple and incredible for many people ears... Weakest link in informations security awareness chain is PEOPLE!!! Why? Because we are people with human weaknesses and there are people who use that to get benefit. Social engineering is the name given to a category of security attacks in which someone manipulates others into revealing information that can be used to steal data, access to systems, access to cellular phones, money or identity. That s definition, but actually, social engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of an inappropriate trust relationship with insiders. There are three aspects of social engineering:
* Different avenues of persuasion * Perception that affect social interaction * Techniques for persuasion and influence.
Social engineers use many different methods to get out information from peoples. To retrieve desired information they can use computer based methods refers to software action or human based methods that refers to person-to-person communication, sometime even both. They can calling and pretend vice president or someone from tech support group, looking over a shoulder or even going through the trash. They can send you spam, chain letters and viruses and do much more to get necessary information! Here is one example of social engineering prepares by Melissa Guenther, LLC. : Mr.Smith: Hello? Caller: Hello, Mr. Smith. This is Fred Jones in tech support. Due to some disk space constraints, we re going to be moving some user s home directories to another disk at 8:00 this evening. Your account will be part of this move, and will be unavailable temporarily. Mr.Smith: Uh, okay. I ll be home by then, anyway. Caller: Good. Be sure to log off before you leave. I just need to check a couple of things. What was your username again, smith? Mr.Smith: Yes. It s smith. None of my files will be lost in the move, will they? Caller: No sir. But I ll check your account just to make sure. What was the password on that account, so I can get in to check your files? Mr.Smith: My password is tuesday, in lower case letters. Caller: Okay, Mr. Smith, thank you for your help. I ll make sure to check you account and verify all the files are there. Mr.Smith: Thank you. Bye. From this conversation we can see how clever and east they cheat information, allow us thinking that we are useful! Statistic said that, at the most risk to social engineering fraud is elderly, because they tend to be more trusting and less familiar with technology. But always there is possibility that everyone can become a victim of social engineer! Because it is so important, make information security awareness training like a part of daily life!
Article source: information security awareness



Bookmark it: