The last attack that needs to be addressed can be one of the easiest and most productive attacks of all: social engineering. It plays on human behavior and how we interact with one another. The attack doesn't feel like an attack at all. As a matter of fact, we teach our employees to be customer service oriented, so many times they think they are being helpful and doing the right thing. It is imperative that you understand how easy social engineering has become. Some scenarios of social engineering attacks are provided in the following list:
In each of these situations, an attacker tries to manipulate corporate users to gain access or knowledge that will allow him entry into either the building or the network. Empathy and urgency are played upon in the first two scenarios. This makes users feel that it is okay to give out information or allow access to the building. In the third scenario, the user is made to feel that the use of email will be affected if she doesn't comply. Each attack plays on human behavior and our willingness to help and trust others. The best defense against social engineering is a combination of operational/administrative, technical, and environmental controls. It comes down to technology, policies, education, awareness, and training. Now that we've completed our overviews of the different types of attacks and viruses, you need to understand the auditing process so you can track users' actions on the network to prevent these attacks and viruses from occurring.