Recently, I was commissioned by an organisation of significant size and in a high-risk industry to demonstrate to the Board the vulnerability of its employees to criminal hackers using non-technical means. Using Open Source Intelligence to gather information on a selection of the most senior individuals in the organisation, I was able to reveal how easily and legitimately I was able to engage with them, physically access their office building and, had I intended to do so, use the insight to hack into the business. It was an ‘eye-opener’ for the Board!
This is what malicious social engineers do: they leverage the ‘Perfect Storm’ created by the organisation’s culture, the employees’ frame of mind and lack of security awareness, and the ready availability of detailed personal information, using social engineering and the “human factor” to obtain business-sensitive information for their own financial gain.
As the technology becomes more complex, many hackers see employees of organisations as “the weakest link”, but to what extent this is the case relies on many factors other than the mere fact of human beings working for an organisation. Several factors in organisations make firms more or less vulnerable to hackers, and it is possible to defend, mitigate and ‘patch’ your own human vulnerabilities.
I’m talking about this issue at the upcoming Cyber Threat Landscape for Law Firms on 23 February 2017.
My presentation will be fast paced, humorous and revealing! Hope to see you there!
About Jenny Radcliffe
Jenny Radcliffe is an ethical expert in Social Engineering, negotiation, persuasion and influence, non-verbal communication and deception. She uses her skills to help clients – from global corporations and law enforcement to poker players, politicians and the security industry – to protect themselves from cyber criminals.