Smart criminals know their success hinges on exploiting weakness. That’s why they go after the lowest-hanging fruit.
For social engineers, that weak link typically is an organization’s own staff and procedures, says David Blazier, marketing manager for TraceSecurity, a CUNA Strategic Services strategic alliance provider.
Unlike traditional security threats, social engineering exploits human nature: peoples’ desire to help others, avoid conflict, prevent mistakes, and spare others from getting in trouble, he says.
Seasoned social engineers target low- and mid-level employees such as receptionists, cleaning crews, tellers, and even managers of remote locations.
Blazier advises “reinforcing the chain” by giving staff adequate tools to combat social engineering. These include:
“The most advanced firewalls, intrusion detection systems, and video surveillance don’t offer much protection against social engineers who use unsuspecting employees to breach security and access sensitive information,” Blazier says. “The best defense is a well-trained, well-equipped staff that understands its role in protecting the organization. It’s up to management to provide staff with the training, guidance, and tools to effectively combat this growing threat.”