How a social engineering expert gained access to extremely sensitive information with little more than a thrift-shop shirt, a plate of cookies and a Linksys box.
Social Engineering has always been and will continue to be a threat to any enterprise. But it is a complicated test to perform. First, the group of professionals that are able to effectively perform this test are few. At first glance the process seems to be easy, but it takes a certain type of mind and experience interacting with people to understand how to successfully manipulate an individual.
Secondly, I find many organizations shy from implementing the test because they feel it targets employees. I try to encourage companies to not look at the test in this manner. A true social engineering test is not trying to point out the flaws in an individual; its goal is to highlight flaws in procedures, policies and employee education.
If you want some fun reading about social engineering, read the "Rogue Warrior" series of books (a dozen and counting) by Richard Marcinko. He is a former Navy SEAL who writes about performing "Red Team" attacks on various facilities. His language is rather blunt but he gets the point across.
Social Engineering: Anatomy of a Hack
I want to hack C.S.O.
The final paragraph is the key to the article.
Security Awareness Training is a requirement for any organization. Without awareness you will never have a secure environment.
HackerTarget.com