Home » Combat Social Engineering: Don’t Be the Weakest Link
Technology|Operations

Combat Social Engineering: Don’t Be the Weakest Link

Smart criminals go after the 'lowest hanging fruit.'

David Blazier
September 16, 2010
No Comments
KEYWORDS engineering / security / social

Characteristics of a weak security chain

Industry experts and government regulators agree that institutions most at risk of succumbing to social engineering tactics tend to lack:

  • Adequate policies and procedures pertaining to physical security;
  • A security awareness program that allows for training of employees at all levels; or
  • An established system of vendor and visitor tracking.

These three elements are dependent on each other to properly defend against the threat of social engineering schemes.

A deficiency in one area creates significant vulnerabilities in the others, allowing easy entry points for savvy criminals to exploit.

Of course, professional social engineers know this information, too. That’s why tactics like the “trusted vendor” scenario—which can exploit numerous vulnerabilities simultaneously—tend to be highly successful at organizations that have inadequate polices and procedures, limited security awareness training, and no formal system of tracking authorized vendors.

Next: A ‘trusted vendor’ scenario

KEYWORDS engineering / security / social

Related Articles

Protective Patterns

Ten Tips on Going Virtual

E-Signatures: A New Avenue for Forgery?

Recent Articles by David Blazier

Social Engineers Target Service Staff

Beware of Criminals Posing As 'Fellow Employees'

What You Don’t Know Really Can Hurt You

Don’t Ignore Threats From Behind the Firewall

Author

David Blazier

Post a comment to this article

Only In Print Fraud Fight

Fraud Fight

Combine best practices and sophisticated tools to fend off cyberattacks.

Your Weakest Link

Your Weakest Link

Cyber thieves target employees through fake profiles, email scams, and malware.

Strive for ‘Top of App’ Status

Strive for ‘Top of App’ Status

Drive interchange revenue by providing members with incentives to use your cards.

App Digital Edition Subscribe

What's Trending

CUs see significant reg relief in House-passed approps bill

The House voted Thursday in favor of an appropriations bill that contains several major victories for credit unions. It does not place NCUA under the appropriations process, and makes significant changes to the CFPB.

CUNA takes breach concerns to Equifax, requests briefing

CUNA President/CEO Jim Nussle encouraged Equifax to take additional steps to notify all consumers impacted by its data breach in a letter sent Wednesday. Equifax announced the breach late last week.

Strong CU grassroots activism results in major industry victory

The House approved by voice vote Wednesday an amendment removing language placing NCUA under the appropriations process from H.R. 3354, a major victory for CUNA, leagues and credit unions who advocated strongly in support of the amendment.

Your Say

Has your credit union developed a training program for employees that will prepare the credit union to avoid cyberattacks?

View Results Poll Archive