
Six ways to spot social engineering

Social engineering is an increasingly popular method of hacking. In this year's Cybersecurity Month, we share tips on how to spot this type of cyber attack.

First published on October 04, 2019
Cybersecurity attack, Social engineering

October is Cybersecurity Month and an excellent opportunity to strengthen awareness surrounding the security of data, a matter of increasing importance in our ultra-connected world. With cyber security the foundation for digital trust, we explore one of the increasingly popular approaches to hacking, how to spot it and how to stop it.

Social engineering is a type of cyber attack in which a criminal manipulates someone into revealing confidential information, breaching an organization's cyber security. It's not related to complex coding and doesn't require a particularly impressive skillset – just a bit of patience and a bit of luck.

Of all recorded cyber attacks, 33% include some form of social techniques, according to US telco Verizon's 2018 Data Breach Investigations Report. And security specialist Positive Technologies tested just how successful social engineering can be, by sending 3,332 phishing emails to employees. More than a sixth – 17% – led to a data compromise.

In social engineering, the hacker impersonates an individual – which isn't hard with the growth of social media and public sharing of personal details – and quite simply gets their target to share the desired information. These scams may seem obvious, especially in hindsight, but their success lies in their simplicity.

So for Cybersecurity Month, here are six techniques you can look out for to spot a social engineering cyber threat. 

1. Feeling connected

These hackers will try to build a connection so the unknowing victim feels comfortable with them. Social media provides limitless options: a social engineer can easily start talking about having been to the same industry conference, the same music concert or the same restaurant as their target.

2. Under pressure

Now you have some sort of relationship with the hacker, you probably won't think twice when they apply some sort of time pressure. They know an email that says "I've got a presentation in five minutes and don't have my login details" probably seems perfectly innocent. It's not.

3. The boss

A request from the top is more likely to be successful, which is why a regular choice of impersonation for social engineers is senior management. Information requests coming from above, rather than below, raise fewer eyebrows. 

4. "A quick favor"

Having built a connection with their target, the hacker will ask for seemingly trivial favors. "Could you download this file for me? It won't open with my version of the software"; a quick favor for quick access to data.

5. An incentive

It's the oldest trick in the book – but it still works. In most cases, this will involve a free gift ("Click here to claim your voucher") but hackers will also take advantage of the human desire for romance: "You have a secret crush – click here to find out who it is." 

6. Conformity

Hackers know you don't want to be the odd one out, and you certainly don't want to be "that awkward employee". So they'll routinely encourage you to go with the herd, often adding some time pressure into the mix, by saying things like: "Everyone else has done this – you're the last, so please respond now." 

Organizations should make sure private information is securely protected, but it's also important to keep a lookout for these favored hacking techniques. Social engineers may use a combination of all six or, in some cases, just one might be all that's required to get their hands on that sought-after private information.

There are a number of ways businesses can reduce the threat of a cyber attack. One way is by becoming quantum resistant, as Jason Hart, CTO for the Enterprise & Cyber Security Division at Gemalto, a Thales company, explains in this video.
