Social Engineering

Social Engineering

            Social engineering is one of the easiest ways that attackers use in the penetration of the defense system of a firm which can be proven and strongly supported with logical reasons. It also refers to a type of influence aiming to change the perception and behavior of people through deceptive tactics as well as manipulation of people to perform leak confidential information. It depends entirely on the human interaction involving cooing of people ensuring that they break normal security protocol. The attacker deceives by acting as a trustworthy fellow for a useful purpose which is intended to access sensitive data in the system. The aim of this paper is to elaborate on how security engineering is normally used in undermining the security of information systems.

Social engineering has been combined with hacking several times to power treacherous attacks most of which exploit trust upon which social networking is based. Some of the common social engineering attacks used in leveraging information include phishing where attackers employ emails and social media to deceive victims to provide sensitive information. Watering hole, where the attack involves the injection of spiteful codes on public websites which are targets for victims. Pretexting, the attacker creates a false identity which he then uses to influence the receipt of data. Tailgating, a technique used by the attacker to seek entry into restricted areas that lack proper authentication by walking in behind a personnel with authorized access into the desired area. It is through these methods and many others, that attackers use to undermine the security of information systems.

Social engineering contains core techniques upon which it thrives and information systems are vulnerable to these techniques. These techniques include familiarity exploitation where the attacker tries to make it seem normal to everyone about how legit your presence is. Familiarity helps lower the guard of the target population as there is a tendency of comfort around familiar people. Once familiarity has been achieved, attackers tailgate behind people into secure areas as no alarm is set off.

Creation of a hostile situation works in handy for social engineering as people tend to withdraw from hostile conditions. This technique comes in handy when going through secure areas where people will tend to stop you or question your presence. In hostile conditions people tend to obey the wishes of the angry and are less likely to stop them and therefore, asking for information as well as the location of vital data isn’t as hard in such a scenario.

Success in social engineering entirely relies upon gathering and use of information. The more knowledgeable you are concerning your mark the higher the chances of getting the desired information. Perfects spots of gathering information about the target include online sites such as Google, Facebook, My space among others, watering holes similarly work perfectly in such setups. With the right information acquired from the gather, attacking an information system is rather not as complicated as compared to attacking it without any information.

Depending on the reward, social engineers acquire jobs in the target organization in order to get all the data they need. Due to the lack of or low background checks level, the hiring of people with malicious intent is highly possible. Once inside and more trusted, social engineering a core-worker comes in handy due to the trust as a fellow employee working towards the same goals of the firm. Likewise, promotion to higher levels means expose to more vital information about the firm upon which social engineering can easily thrive.

Over reliance on security mechanisms has been one of the major downfalls of many information systems. This is because many social engineers have developed programs that pose as security firewalls against attacks yet in the real sense they themselves are the attackers. Once installed, the program infiltrates into the system, retrieving all the vital data required by the social engineer as programmed. Employees’ ignorance, as well as the lack of proper education, comes in handy for social engineering. Employees tend to download malicious files from the internet through E-mails and counterfeit programs. Such files bring about the impairment of the information system.

Despite the techniques used by social engineering in attacking information systems and the methods used, control measures have been put in place to protect the systems against social engineering attacks. Some of the measures include the creation of education and awareness program among the workers to train and educate them the need for privacy in terms of personal information on the internet and restricting internet access where necessary. Good security architecture and policy aid in combatting social engineering. Constantly updated and legit security software provides a perfect firewall against such attacks.

However, despite all the measures suggested and those put into practice, social engineering is still one of the nightmares of any organization using or planning to use information technology in transforming its business operations. This is because of the presence of backdoors in information systems upon which social engineering can attack through, reluctance among the employees concerning the security of the firm among other reasons.