The Mercury

Why social engineering has become a greater threat to business today

criminals are drawn to the opportunities that social engineering entail,” warns Agari’s Jakobsson. Given that the threat landscape has changed so significantly over the past several years, with social engineering and social hacks highlighting the issue of human fallibility, new approaches to IT security must be explored and embraced.

One such approach to emerge is based on the concept of a Zero Trust Network. Traditional network security relies on a secure perimeter – anything inside the perimeter is trusted, and anything outside the perimeter is not.

A zero-trust network treats all traffic as untrusted, restricting access to secure business data and sensitive resources as much as possible to reduce the risk and mitigate the damage of breaches.

Tech behemoth Google, over the past few years, has developed a security model called BeyondCorp. This is a zero-trust, perimeter-less security framework that it uses to secure access for its 61 000 employees and their devices.

Without doubt, the zero-trust network model is fast gaining traction within global cyber-security, but it remains out of reach for many smaller and mid-sized organisations. Looking ahead, we are likely to see the zero-trust model implemented in hybrid forms, depending on the nature and size of organisations.

Stumbling block

Increasingly, cyber-security experts are realising that they need to take a more predictive – and proactive – approach to combating the ever-evolving threats. Arguably, the major stumbling block is that the whole security industry is always reacting to yesterday’s attack.

“That is kind of the mindset the whole industry has – that if you analyse yesterday’s attack on someone else, you can help predict and prevent tomorrow’s attack on you,” says Darktrace chief executive Nicole Eagan, in an interview with hackernoon.com. “It’s flawed, because the attackers keep changing the attack vector…”

With advances in AI, and more specifically, machine learning, Eagan and many others see an opportunity to understand – in real time – what’s going on. Ultimately, AI can be leveraged to recommend actions to take – even if the attack in question has never been seen before. This approach harnesses machine learning to learn the “norm” of any given system, and then consistently runs checks to see if there’s any deviation from that norm…

While emerging security concepts and new technology such as AI will play key roles in the fight against cyber-criminals and social engineering, businesses and managers will always need to focus on ongoing education and internal awareness.

It is up to individuals, business leaders and companies to be proactive and ensure they’re taking every action possible to guard against social hacking and other online criminal acts.
