Popular Mechanics (South Africa)
SOCIAL ENGINEERING: the new wave of con artistry
More than 91 per cent of all cyber attacks start with an email. So, it’s very likely you’ve been a target – whether you’ve acted on it or not.
Social engineering is the manipulation of people for gain by fraudulent means. This is tied to cyber crime and, more often than not, takes the form of phishing scams.
So how do you protect yourself against what the experts call a people-based attack? We turned to the experts for an answer: specifically Jenny Radcliffe, who presented at the IT Leaders Africa Summit in Cape Town. Radcliffe built her career on equipping various institutions, including private corporations and public service agencies, with the tools to protect themselves from such attacks.
“Your employees know how to hack your system,” she says, “and (criminals) are looking for when they do it so that they can copy it.”
Social engineering is the name given to the practice of manipulating people in the modern age, says Radcliffe. She says that the change lies in the technology that enables con artistry to be communicated to targets.
But this type of attack doesn’t always happen overnight. It could take weeks, even months, for a criminal to get the knowledge that allows them to exploit your system.
Case in point
“In an incident I worked on recently, a procurement professional was persuaded to commit invoice fraud by means of
1. Assign role-based permissions to administrators to better control access to key systems.
2. Implement internal safeguards and data exfiltration controls to stop confidential data from being leaked.
3. Offer creative employee security training programmes that deter potential malicious insiders and promote effective processes to act swiftly in the event of an attack.
4. Nurture a culture of communication within teams to help employees watch out for each other.
5. Train your organisation’s leadership to communicate with employees to ensure open communication and awareness.