
Social engineering: network security's weakest point

Posted By Julian Galley November 12, 2013 in Security, social engineering

Recent news about the NSA accessing personal information, and allegations of Canadian officials spying on their Brazilian counterparts, have brought surveillance and security issues to the public eye once again. Because network security is one of my areas of specialization, people often come to me when topics such as these make the headlines. Everybody is quick to scrutinize the technology – what was wrong with the technical solution, the architect or the network. However, in my opinion, we often overlook one of the most dangerous vectors of a security attack: social engineering.

Social engineering refers to the manipulation of people - convincing them to divulge personal information. I don’t believe most people would willingly give up their usernames and passwords, but an efficient social engineer has multiple points of contact and knows how to put all the little pieces together to eventually gain unauthorized access to a secure network or system.

I was recently at an IT conference where I saw someone wearing a t-shirt that said “Social engineering – because there is no patch for human stupidity.” It made me laugh because it’s very true. We diligently strengthen computer infrastructures, servers and datacentres with patches to overcome security flaws so that they are no longer vulnerable. But it’s hard to do the same with people because it requires fighting human nature. Social engineers capitalize on people’s good nature and trust, and that’s what makes it so hard to protect against it.

I also recently listened to a presentation by Kevin Mitnick, a former hacker who now runs a security consultancy called Mitnick Security. Mitnick has said that it’s easier to convince someone to reveal their password than it is to crack a system, and we should believe him because he has years of experience doing just that.

Here’s an example of how an effective con artist might use social engineering: First, this person might do some research to find out the names and positions of the influential people in your company. Then they call you up at work and say they are from the company’s help desk, and they name-drop to establish credibility and legitimacy. A lot of us who work at larger companies wouldn’t know the help desk person by name, but if the person was convincing enough, they may be able to get you to divulge your username and password. For example, they might say something like, “We just had a network incident and we need to generate a new username and password. Was your username this?” Over the course of the conversation, you reveal enough information that it can be used in another conversation with someone else. At the end of the series of conversations, this person has gleaned enough information to gain access to the company’s network.

In years past, corporate IT was central in dictating how users accessed systems and information. The recent consumerization of IT trend has firmly entrenched the user as the center of the IT universe. Network security has had to become more dynamic and nimble as corporations want to provide anywhere-anytime-any device type access for users to information and applications. The old security rules don’t apply anymore as companies roll out BYOD programs and promote flex-work schedules based on remote access.

For this reason, when I talk to customers about security, one of the first things I like to discuss is the human angle. The best antidote to social engineering is to educate your user base, not just about password security but also topics that are beyond the obvious. Engender a culture of healthy skepticism. Encourage users to question everything to a certain degree. Provide people with the necessary tools to qualify requests for information that may be carefully disguised social engineering tactics. Develop a robust security policy.
Security policies aren’t a sexy topic but they are necessary and important because they work.
