This is a nice explanation of the knee-jerk human condition that fuels social engineering and its success in the workplace, albeit with a commercial lean toward the successes of KnowBe4 and their awareness programs.
To be very clear, this article and the related breach have very little to do with technology and everything to do with user awareness and due diligence. This is an example of social engineering. The White House should be wary and concerned and should take steps to train and educate immediately, especially in an environment where significant turnover seems inevitable.
This is in no way surprising and adds weight to the constant argument for more awareness training.
This article is a great motivational tool for reevaluating your security controls and awareness training. It does not take long at all to get hacked!
I would place myself in the category of someone who believes the insider threat is the biggest risk to an organization, but with a strong clarification. Insider threats are threats that are caused by humans – human error, socially engineered staff, and users with malicious intent. People will make mistakes and no amount of technology can fully prevent those errors. We must train our users thoroughly and often and we must prepare for the inevitable mistakes that will happen.
As we enter cybersecurity awareness month in earnest, this article is particularly timely and relevant. Social engineering remains one of the greatest threats to the loss of data and system compromise. We have to take this threat seriously and train our employees and colleagues and family members to defend against it.
Consider updating your IT Security training to include sections dedicated to recognizing and defeating social engineering attempts.
This is an interesting article detailing a social engineering campaign run by cyber crime entities and discovered by the team at Symantec.
This is a more common threat than most would care to admit, but the threat is largely not the work of hard-core hackers and social engineers. It is better attributed to lazy employees and poor home computer hygiene. That said, I am pleased to see Microsoft addressing this problem once again and providing an event log for better tracking of attempted attacks.
This article was simply too good not to share and shows the lengths to which criminals can and will go in creating an effective phishing or spoofing mechanism. Don’t lose sight of the fact that this individual successfully social engineered his way out of prison while actively incarcerated. Imagine what a good criminal can do from the comfort of his or her own home.
Social engineering is in many cases the first attack vector for cyber criminals. A well-crafted email or a sincere and confident phone call is often all that is necessary for a criminal to gain access to a targeted computer system or network. Beware and take heed and seriously consider the content and advice provided in this article from Tripwire.