Whitepaper: How to Protect Insiders from Social Engineering Threats
0 Comments
Microsoft published a 37-pages paper about a rarely-treated topic: social engineering.
The large majority of people listening at social engineering examples usually smiles or laughes, thinking about action movies like Mission Impossible or 007 series.
Security professionals aren't much different: in years of security courses I rarely found persons sensible to the topic, or taking it seriously.
The biggest reason for such behaviour is unbelief. People simply don't believe someone is able to threat service desk like it happens on the movies.
Even those security professionals who are aware of social engineering, usually have an inner conviction that there are no real chances an attacker could use social engineering techniques.
This lead to a numer of documents about this topic near to zero.
How to Protect Insiders from Social Engineering Threats, aimed to SMB companies, is interesting because, while very introductory, touches several points, including how to plan a reception hall:
The large majority of people listening at social engineering examples usually smiles or laughes, thinking about action movies like Mission Impossible or 007 series.
Security professionals aren't much different: in years of security courses I rarely found persons sensible to the topic, or taking it seriously.
The biggest reason for such behaviour is unbelief. People simply don't believe someone is able to threat service desk like it happens on the movies.
Even those security professionals who are aware of social engineering, usually have an inner conviction that there are no real chances an attacker could use social engineering techniques.
This lead to a numer of documents about this topic near to zero.
How to Protect Insiders from Social Engineering Threats, aimed to SMB companies, is interesting because, while very introductory, touches several points, including how to plan a reception hall:
To attack your organization, social engineering hackers exploit the credulity, laziness, good manners, or even enthusiasm of your staff. Therefore it is difficult to defend against a socially engineered attack, because the targets may not realize that they have been duped, or may prefer not to admit it to other people. The goals of a social engineering hacker-someone who tries to gain unauthorized access to your computer systems-are similar to those of any other hacker: they want your company's money, information, or IT resources.
A social engineering hacker attempts to persuade your staff to provide information that will enable him or her to use your systems or system resources. Traditionally, this approach is known as a confidence trick. Many midsize and small companies believe that hacker attacks are a problem for large corporations or organizations that offer large financial rewards. Although this may have been the case in the past, the increase in cyber-crime means that hackers now target all sectors of the community, from corporations to individuals. Criminals may steal directly from a company, diverting funds or resources, but they may also use the company as a staging point through which they can perpetrate crimes against others. This approach makes it more difficult for authorities to trace these criminals...
Most Recent Articles
0 Comments:
Post a Comment
Links to this article:
Stay up to date |
|