Hacking Humans

The media is full of stories about computer hacking, as the latest viruses, worms and Trojans are devised by unscrupulous hackers to penetrate systems, steal data and blackmail individuals and organisations. Obviously, we all have to keep on our toes and up to date with the latest developments in cyber security, but the strongest firewall in the world can’t protect you from that most elementary data flaw – human weakness. Hackers can still gain access to an otherwise secure system via an employee clicking on a dodgy link they think came from a Facebook friend or trusted LinkedIn colleague.
This practice of gaining access to buildings, systems or data by utilising human psychology rather than hacking software is known as social engineering, and it’s becoming increasingly sophisticated.
For instance, some social engineers have taped the holding music an organisation uses, so that the real employees they call are convinced the caller is genuinely part of the company. This can be especially effective for gaining information when the hacker is screaming that it’s an emergency.
Other scams are as old as the hills.
One security consultant demonstrated how easy it is to bypass the system when, wearing a Cisco T-shirt (price – $4 from a thrift store), he gained regular access to a building and got his mates in to help him use malware-ridden USBs to hack the system in full view!
This may be an extreme example, but it perfectly illustrates how easy it is to gain illegal access to an organisation. A more common method is classic spear phishing, where emails purport to come from friends or coworkers and carry attachments containing a virus or malware that is activated when clicked.
Over the past decade, most major cyberattacks on U.S. corporations, including hacks of Google and security giant R.S.A., have included social engineering, experts reckon. Therefore, the need to counter social engineering is stronger than ever.
