Whether it is dumpster diving, pod slurping, or impersonating someone else, hackers know that social engineering is still a good way to penetrate our security. See, social engineering hits directly at our weak spot: people. People are still the weakest link in the security chain, and that weakness is difficult to fix because it means changing behavior.
I recently had the opportunity to talk about social engineering with Carl Herberger. Carl is VP of Information Security and Compliance Services with Evolve IP, a managed technology provider. I asked Carl why hackers are still using social engineering to gain access to organizations. He told me, "It's easier to infiltrate an organization because security is not focused here. Technology can't fix this problem alone; it requires a change in behavior." Carl listed five vulnerabilities tied to bad behaviors:
Even though social engineering attacks are some of the most difficult to defend against, not all is lost. There are technical controls that can be put into place:
In addition to the technical controls, Carl recommends that a company implement an awareness and training program. According to Carl, "If an employee does not know what social engineering is and how they can be exploited, how will they ever change their behavior?"