leone ct#1 presentation 1

INFO 644 CRITICAL THINKING #1 Vincent Leone

Upload: vincentleone

Post on 22-Jun-2015


Category:

Technology



DESCRIPTION

This presentation is for INFO 644 CT#1

TRANSCRIPT

Page 1: Leone ct#1 presentation 1

INFO 644 CRITICAL THINKING

#1

Vincent Leone

Page 2: Leone ct#1 presentation 1

CRITICAL THINKING #1

AGENDA

• What is Social Engineering?
• Implications for Social Engineering attacks
• Social Engineering Examples
• How do perpetrators breach security?
• Technical & Social Vulnerabilities
• Preventing Social Engineering Attacks

Page 3: Leone ct#1 presentation 1

Social Engineering (SE) – The gaining of information from legitimate users for illegitimate access.

Social Engineering is nothing more than an old-fashioned con game in a high tech world!

Page 4: Leone ct#1 presentation 1

Social Engineering attacks can result in the theft of:

• Intellectual property
• Client lists
• Account details
• Organization finances
• Government classified information
• Customer data: SSNs, birthdates, credit card numbers

Page 5: Leone ct#1 presentation 1

Social Engineering Examples:

• Phishing
• Piggybacking
• Shoulder surfing
• Computer technician
• Customer service
• Blackmail
• Bribery

Page 6: Leone ct#1 presentation 1

Who are the perpetrators responsible for breaching information systems security?

• Hackers
• Identity thieves
• Foreign governments – espionage
• Corporate competitors
• Disgruntled employees – internal threat

Page 7: Leone ct#1 presentation 1

Technical Vulnerabilities:

• Weak passwords
• Remote access
• Poor firewalls
• Civilian e-mail
• Systems are interconnected (VCU Portal)

Social Vulnerabilities:

• Overconfident personalities
• Trusting people who want to help others
• Employees who do not follow policies

People are the largest vulnerability in any system!!

Page 8: Leone ct#1 presentation 1

Preventing Social Engineering Attacks:

• Provide awareness training.
• Conduct social engineering penetration attacks.
• Mandate strict adherence to organization information security policies.
• Make social engineering part of an organization’s defense strategy.

Page 9: Leone ct#1 presentation 1

FINAL QUESTION

What is the single best way to combat social engineering attacks?