The broad objective of this study is to evaluate the vulnerability to cyber intrusions of an organization's information technology infrastructure, which includes hardware and software systems, transmission media, local area networks, wide area networks, enterprise networks, intranets, and the organization's use of the internet. To achieve this objective, the chapter explains the importance of social engineering in network intrusions and cyber-theft and the reasons for the rapid expansion of cybercrime. The chapter also includes a complete description and definition of social engineering, the role it plays in network intrusion and cyber identity theft, a discussion of the reasons for the rise in cybercrime, and its impact on organizations. In closing, the authors recommend some preventive measures and possible solutions to the threats and vulnerabilities of social engineering. The chapter concludes that while technology has a role to play in reducing the impact of social engineering attacks, the vulnerability resides in human behavior, human impulses, and psychological predispositions.
Introduction
Social engineering, also known as human hacking, is the art of tricking employees and consumers into disclosing their credentials and then using those credentials to gain access to networks or accounts. It is a hacker's deliberate use of deception, or manipulation of people's tendency to trust, to be cooperative, or simply to follow their desire to explore and be curious. Sophisticated IT security systems cannot protect systems from hackers or defend against what appears to be authorized access. People are easily hacked, which makes them and their social media posts high-risk attack targets. It is often easy to get computer users to infect their corporate network or mobile devices by luring them to spoofed websites and/or tricking them into clicking on harmful links and/or downloading and installing malicious applications and/or backdoors.
In a 2013 study conducted by TNS Global for Halon, an e-mail security service, 30 percent of the 1,000 U.S. adults surveyed disclosed that they would open an e-mail even if they were aware that it contained a virus or was suspicious (Ragan, 2013). Even with robust campaigns conveying the dangers of opening suspicious e-mails, a large majority of e-mail users remain vulnerable to social engineering attacks (Mann & Sharma, 2012). To confront the challenges posed by social engineering attacks, recommendations derived from research offer options to reduce the probability that a social engineering attack succeeds.
With cyber security incidents growing exponentially in both frequency and damage to an organization's reputation in its marketplace, users and organizations have not adequately deployed defenses to discourage would-be attackers. Information and network security continue to dominate U.S. headlines, with a large-scale cyberattack now considered more probable than a physical terrorist attack on U.S. soil. In fact, in 2013 FBI Director James Comey testified before the Senate Homeland Security Committee that cyber-attacks have surpassed terrorism as a major domestic threat, and that the threat continues to rise (Anonymous, 2013).
In this paper, social engineering is defined along with the types of social engineering attacks. In addition, this research identifies why cyber theft continues to advance at an alarming rate. Furthermore, the psychological variables that contribute to vulnerability are discussed. Finally, studies are presented that identify key considerations regarding social engineering testing and training, and that point to how users can be coached to prevent attacks, which offers a promising methodology for reducing system and user risk.