More focus on how to spot social engineering attacks is needed in organizations, according to an expert.
Jenny Radcliffe, who specializes in the “psychology” of this technique, said that organizations now have to move on from social engineering awareness, reported Computer Weekly.
Speaking at the inaugural Security Serious Conference in London this week, Radcliffe explained that cybersecurity training is vital in ensuring that employees have the ability to better spot and deal with this type of attack.
“In terms of security awareness training, social engineering is a good place to start because it is easy for people to understand and identify with,” the online news provider quoted the expert as saying.
“Social engineering is easier to explain than technical threats and it helps link people’s personal lives with the overall security message their security team is trying to communicate.”
Social engineering is a form of psychological manipulation. Cybercriminals use it to trick people into handing over personal and sensitive information, usually through deceptive and fraudulent means.
Phishing is one form of social engineering, in which criminals try to access usually confidential information by passing off malicious emails, websites and messages as credible and trustworthy.
Social engineering is also extremely commonplace. As David Harley, a senior research fellow at ESET, previously noted: “A lot of criminal activity makes at least partial use of social engineering. It’s been a constant all through the life of internet security.”
According to Matt Hancock, the UK’s minister of state for digital and culture, the Security Serious Conference aims to help organizations better grasp the importance of cybersecurity.
by Narinder Purba, ESET We Live Security