Why Social Engineering Works And How To Arm Yourself Against “Human Hacking”

This is a nice explanation of the knee-jerk human condition that fuels social engineering and its success in the workplace, albeit with a commercial lean toward the successes of KnowBe4 and their awareness programs.

https://blog.knowbe4.com/why-social-engineering-works-and-how-to-arm-yourself-against-human-hacking

White House Security Adviser Duped by UK Prankster

To be very clear, this article and the related breach have very little to do with technology and everything to do with user awareness and due diligence.  This is an example of social engineering.  The White House should be wary and concerned and should take steps to train and educate immediately, especially in an environment where significant turnover seems inevitable.

https://www.infosecurity-magazine.com/news/white-house-security-adviser-duped/

Half of IT Pros Say Insider Threats Are a Bigger Concern Than Hackers

I would place myself in the category of someone who believes the insider threat is the biggest risk to an organization, but with a strong clarification.  Insider threats are threats that are caused by humans – human error, socially engineered staff, and users with malicious intent.  People will make mistakes and no amount of technology can fully prevent those errors.  We must train our users thoroughly and often and we must prepare for the inevitable mistakes that will happen.

http://www.infosecurity-magazine.com/news/half-of-it-pros-say-insider/

Organizations ‘need to deliver social engineering training’

As we enter Cybersecurity Awareness Month in earnest, this article is particularly timely and relevant.  Social engineering remains one of the greatest threats leading to loss of data and system compromise.  We have to take this threat seriously and train our employees, colleagues, and family members to defend against it.

Consider updating your IT Security training to include sections dedicated to recognizing and defeating social engineering attempts.

http://www.welivesecurity.com/2016/10/04/organizations-need-deliver-social-engineering-training/

Microsoft Patches USB-Related Flaw Used in Targeted Attacks

This is a more common threat than most would care to admit, but the threat is largely not the work of hardcore hackers and social engineers.  It is better attributed to lazy employees and poor home computer hygiene.  That said, I am pleased to see Microsoft addressing this problem once again and providing an event log for better tracking of attempted attacks.

https://threatpost.com/microsoft-patches-usb-related-flaw-used-in-targeted-attacks/114240

Man escapes from jail after sending fake bail email

This article was simply too good not to share and shows the lengths to which criminals can and will go in creating an effective phishing or spoofing mechanism.  Don’t lose sight of the fact that this individual successfully social engineered his way out of prison while actively incarcerated.  Imagine what a good criminal can do from the comfort of his or her own home.

https://nakedsecurity.sophos.com/2015/03/31/man-escapes-from-jail-after-sending-fake-bail-email/

5 Social Engineering Attacks to Watch Out For

Social engineering is in many cases the first attack vector for cyber criminals.  A well-crafted email or a sincere and confident phone call is often all that is necessary for a criminal to gain access to a targeted computer system or network.  Beware, take heed, and seriously consider the content and advice provided in this article from Tripwire.

http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/