Hacking Humans: How to defend against Social Engineering attacks

by John Gunn, VP of Corporate Communications, VASCO Data Security Every business leader knows that a good reputation is more valuable than money; that gaining the trust of...

by John Gunn, VP of Corporate Communications, VASCO Data Security

Every business leader knows that a good reputation is more valuable than money; that gaining the trust of your customer is essential to the success of any organisation. They also know that losing that trust can be devastating to a business.

The trust that customers place in a business can be described in ‘fluffy’ terms but the truth is that once you lose it, it is one of the hardest things to regain; the old adage rings true:

“Trust is like a vase. Once it is broken, though you can fix it, the vase will never be the same again”

Social engineering isn’t new and is certainly not exclusive to the world of cyber-crime; however, it is a huge threat to corporate reputation. Worryingly, it is also a difficult threat against which to defend. Hackers have learned that one of the weakest links in any defence is not found in the technology but in the human element. From programming to policy, strategy to human error, exploiting human error is the key to any attack; with social engineering however, attackers bypass the tech side and go straight to the user, or the customer.

Social engineering is all about manipulating people to reveal confidential information. It works by exploiting that key element, trust, to obtain access.

The problem with this method is how to defend against it.

Most companies are aware of the importance of education. By making staff and customers aware of the risks and how to avoid them can certainly reduce the occurrence of these attacks but further steps need to be taken.

With any cyber-defence strategy, proactivity is the key and identifying the methods by which attackers are exploiting weaknesses is essential. Whilst phishing is the traditional method used to exploit social engineering, the prevalence of new methods such as SMS and voice phishing (SMishing/Vishing) is growing.

Education is a start but ensuring that enhanced defence mechanisms are in place is the only way to stay ahead of the exponential growth of this kind of threat.

In this article

Join the Conversation