In this new information age, not all of the attacks that we see have to be technical in nature. Sure, most of the attacks that you deal with will be technology driven, and there is a good reason for that: most of the important data out there is stored on computers, and if you want to get to it you need to be able to bypass that type of security. But getting past the security in a technical way is not the only way to get to it. There is always going to be a human being who has access to that data, and if a human being has access to the data, then there is a way to talk them out of it. All you need is the right hook.
Yes, we are talking about social engineering, and it is the part of being a hacker that you never really hear about. But real hackers, both white hat and black hat, take the skill seriously and pay real attention to it. That is why, at most of the major hacker conferences around the world, social engineering games are part of the activities that people have fun with. They see the brain as just another computer that you can fool around with and make do whatever you want. And they are partly right. Social engineering is not new. As a matter of fact, it has been around a lot longer than computer hacking has. It has just been called different names over the years. From psychiatrists to con men, they all use techniques that help them manipulate you in some manner.
But if you own a business, you really have to worry about people using social engineering skills against your employees. You may think that it would not happen to you, but it happens to companies all of the time. One of the games played during the Defcon hacker conference is calling up major corporations and seeing how far the callers can get past security just by using the phone. A speaker is set up so that everyone can hear what is going on. And a lot of the time they are able to get pretty far up the corporate ladder just by using the telephone.
So if that can happen to employees of a big corporation, then it can happen to your employees as well. The person doing the social engineering does not need to hypnotize the person who is working for you. All they have to do is ask the right questions. For the most part, people are very trusting by nature and are glad to help other people. The social engineer uses that fact to manipulate the person. To the person being manipulated, it just seems like someone is asking a few harmless questions. Meanwhile, the caller is gathering information in order to perform the attack.
If you have employees, teach them what information they can give out and what information they cannot. You need to teach them that what they think is harmless information can be gold to the person who is performing the social engineering.