L.1 ATTACK TECHNIQUES
This section covers the attack techniques employed by social engineers (white hats) and by evil-minded persons (black hats) who use social engineering techniques. Breaching the security of an organization generally starts with the bad guy obtaining a seemingly innocent, everyday and trivial piece of information or a document, which many people in the organization see no reason to protect or classify. Most social engineers welcome information that seems harmless to an organization, because such information can play a crucial role in making them appear more convincing.
There are two main categories under which all social engineering attempts could be classified – computer- or technology-based deception, and purely
Because humans are the weakest link in this attack, they need to be educated about the dangers of social engineering. They need to be trained on what social engineering is and how it can manifest itself in an organisation. People need to know the damage such thefts do at an organizational and personal level. This training should occur frequently. Training can include employee indoctrinations, security-awareness briefings, and periodic newsletters [14].
Users can attend training such as workshops, or be handed newsletters, that emphasise how to avoid social engineering. Employees need to be trained to challenge strangers and to ask for some form of authentication or identification. To be effective, policies, procedures and standards must be taught to employees and reinforced.
It is also important to establish a standard stipulating that sharing passwords via phone or email is not allowed. Users should also not be allowed to write down their passwords and other credentials
Security Policies
Establishing and enforcing an anti-social engineering policy can be effective. Such a policy consists of standards and guidelines that set out the rules that work against social engineering and that a user is required to follow. The security policy should be well documented, with sets of standards that form a strong foundation for a good security strategy. It should clearly document, in simple terms, its scope and contents in each area to which it applies.
These policies will be redundant if not enforced and implemented. Users must follow these guidelines for the policies to be effective. Every new user should go