Social Engineering

By December 20, 2017Uncategorized

Social Engineering and the Dangers It Poses For IT Companies in Ottawa.

While most of the users of computer services in Ottawa are aware of the technical
expertise that hackers possess to gain unauthorised access to a device or network,
not many are aware of their capabilities in hacking people. Social engineering
is considered a powerful tool within the cyber security sector. IT companies in
Ottawa as well as users of computer services in Ottawa, need to understand that attackers
are trying to manipulate people as much as systems and protocols to gain access to
their data.

Social engineers are essentially con artists, with extraordinary skills in getting
an unwitting target to give information or perform tasks to meet their malicious needs.
With social engineering in their arsenal, attackers not only challenge technical
security solutions, but use human nature for their own advantage. Which means that
social engineers pose a significant threat to the security posture of IT companies
In Ottawa. Below are 3 examples of social engineering tactics that can be used against
a member of staff. This is not a comprehensive list, and some recommendations for
further reading on the subject will be presented at the end of this article.

Authority: In this method, the social engineer pretends to be a person of authority
within the company, to get the target to perform a task for them. They may act aggressively
towards the staff member, suggesting that they may lose their job if they do not
comply. They may also act kind, suggesting that a promotion consideration might
be on offer to them if they complete this task.

Sympathy: The social engineer present themselves as someone in the company who needs
help with a problem. They may act as though they are under extreme pressure from their
superior to complete a job and a problem such as computer issues is preventing them from
doing so. They will then ask the target staff member to complete the job on their behalf,
giving them guidance on completing the task.

Friendly: This method can be used for developing longer lasting relationships which the
social engineer can leverage on more than one occasion. The social engineer will present
themselves as a friendly and trustworthy person, establishing a camaraderie between
themselves and the target. The first few interactions might be innocuous to develop
the relationship. Eventually the attacker will “need a favour”, the target will do it
without question, believing the attacker is their trustworthy friend.

IT Companies in Ottawa and users of computer services in Ottawa should understand that
there are no technical solutions for social engineering. The only solution is being
informed. A great starting point for information on social engineering are the books
the Art of Deception and the Art of Intrusion by Kevin Mitnick, a prolific hacker and
social engineer during the 1980s and 90s. These books are not an awareness solution
though, and are therefore not a substitution for regular end-user awareness training.