‘Security fatigue’ is among the topics addressed by a trainer in how to thwart social engineering attacks. One of her messages is that your physical security and your IT firewalls may be impressive (and expensive), but a social engineer can use your own staff to compromise those security measures, and to even literally or metaphorically open the door for the social engineer to enter.
She is Jenny Radcliffe, who will lead a pair of workshops in London on awareness of social engineering. Briefly, fraudsters seek physical access to a building, or use the phone or emails or social media forums, or a mix. Employees are tricked into giving away information. In a phrase, it’s a ‘human hack’.
Get over it
Jenny suggests that training about social engineering can be a good way to get over ‘security fatigue’. As she says, if you’re telling people to use strong passwords; be careful of what you post online, ‘a lot of these things seem very far away, or technical or nebulous’. A ‘social engineer’, making calls, is someone more easily pictured. This human element can mean that non-security employees identify with security better than the technical side. From experience – as someone who has done social engineering, and who these days is more of a trainer than a doer – she says that employees don’t think they are important enough or rich enough to be hacked. “But what they don’t understand is, if you have got someone who works for a company, any company, every single member of staff is a potential target for a social engineer, because every single member of staff knows something about that organisation. And can be pressured.”
Security fatigue
How do social engineers get around your building or network security? Go to the workshop and find out!? She terms ‘security fatigue’ as ‘the idea that there’s just too many people to think about and to worry about.” But there are ways, as given over the one-day course, to defend; to make staff aware and to convert that into a secure workforce. Or to put that another way, the culture of an organisation may turn staff into willing or unintentional social engineers themselves; again, Jenny says, there are ways to reverse that.
About the workshops
The social engineering awareness training (SEAT) workshops are running in central London on March 15 and June 7. Visit www.conference-network.co.uk.
Picture by Mark Rowe; central Milton Keynes.
