Social Engineering
Back to Services | Additional Services we offer
Social Engineering
Social engineering is best described as the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of an inappropriate trust relationship with insiders. The goal of social engineering is to manipulate someone into providing valuable information or access to that information using non-technical means. The sign of a truly successful social engineer is that they receive information without raising any suspicion as to what they are doing.
The business issues for loss of data are both well defined and significant. They include substantial fines for legal breaches, reputational damage and consequential financial impact. In the majority of cases the failure of staff to fully adhere to policy and process, linked to a lack of structured approaches to data management, forms the root of the problem.
In many cases organisations believe that they have resilient infrastructures that in turn can give rise to a false level of assurance. In 2008 European organisations invested €2.6 billion (Source: Gartner) to protect confidential information from cybercriminals who try to hack into their IT systems. This investment however only addresses one of the three main areas of information security – technology. The two other factors, people and processes, remain vulnerable and the three areas are in fact intrinsically interlinked. Investing a lot of money in IT security, while neglecting physical security, can prove just as much of a threat to information security as an electronic attack.
As technological advances are made in the fight against unauthorised logical intrusion on corporate systems and networks the social engineering approach to gain confidential information and personal data will undoubtedly increase.
POC Management consultants have extensive experience in conducting physical and telephone social attacks against many environments both in the private sector and government organisations.