Dark Reading
Protect The Business - Enable Access
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Topics: Hacked Off
I'm Interested, But In You
Social engineering is a disturbing aspect of overall security threat analysis because it is the human element that is least in our control. Security and psychology -- once again -- go hand in hand. By Gadi EvronDark Reading
Communication and manipulation are constructed of the same basic tools in our repertoire. In my experience, what changes are the following two aspects:
1. Our perspective on whether something is manipulative.2. The actor's intent.
I believe that basic communication training is critical for those who we want to develop enough common sense to be able to avoid being "socially engineered."
Telling our employees to never give out information unless a, b, or c happens is not necessarily going to work. Even with that know-how, I can remember several occasions in which social engineering worked on me. (Of course, I only realized it years later -- beyond a weird feeling in my stomach.)
Explaining and educating people about security risks, and even specific techniques and scenarios the social engineer might use, is important. But doing so in conjuncture with communication training of the "right kind" can really make a difference.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSHow To Spot A Fake Facebook Profile
FDIC Warns Of 'High Risk' Payment Processors
More Than Half Of Cyberattacks Come From Asia
MORE KEYHOLE
