Last updated October 2019 - Average reading time: 4 minutes
October is Cybersecurity Month and an excellent opportunity to strengthen awareness surrounding the security of data – a matter of increasing importance in our ultra-connected world.
With cybersecurity the foundation for digital trust, we explore one of the increasingly popular approaches to hacking, how to spot it and how to stop it.
Social engineering is a type of cyber attack in which a criminal manipulates someone into revealing confidential information, breaching an organization's cybersecurity.
No rocket science, here.
It's not related to complex coding and doesn't require a particularly impressive skillset – just a bit of patience and a bit of luck.
Social techniques in 33% of cyberattacks
Of all recorded cyberattacks, 33% include some form of social techniques, according to US telco Verizon's 2018 Data Breach Investigations Report.
And security specialist Positive Technologies tested just how successful social engineering can be, by sending 3,332 phishing emails to employees.
More than a sixth – 17% – led to a data compromise.
In social engineering, the hacker impersonates an individual – which isn't hard with the growth of social media and public sharing of personal details – and quite simply gets them to share the desired information.
So for Cybersecurity Month, here are six techniques you can look out for to spot a social engineering cyber threat.
Let's jump right in.
# 1. Feeling connected
These hackers will try to build a connection, so the unknowing victim feels comfortable with them. Social media provides limitless options: a social engineer can quickly start talking about having been to the same industry conference, the same music concert or the same restaurant as their target
# 2. Under pressure
Now you have some sort of relationship with the hacker.
You probably won't think twice when they apply some kind of time pressure.
They know an email that says "I've got a presentation in five minutes and don't have my login details" probably seems perfectly innocent.
# 3. The boss
A request from the top is more likely to be successful, which is why a regular choice of impersonation for social engineers is senior management. Information requests coming from above, rather than below, raise fewer eyebrows.
# 4. "A quick favor"
Having built a connection with their target, the hacker will ask for seemingly small favors. "Could you download this file for me? It won't open with my version of the software"; a quick favor for quick access to data.
# 5. An incentive
It's the oldest trick in the book – but it still works. In most cases, this will involve a gift ("Click here to claim your voucher"), but hackers will also take advantage of the human desire for romance: "You have a secret crush – click here to find out who it is."
# 6. Conformity
Hackers know you don't want to be the odd one out, and you certainly don't want to be "that awkward employee".
So they'll routinely encourage you to go with the herd, often adding some time pressure into the mix, by saying things like: "Everyone else has done this – you're the last, so please respond now."
Organizations should make sure private information is securely protected, but it's essential to keep a look-out for these favored hacking techniques. Social engineers may use a combination of all six or, in some cases, using just one might be all that's required to get their hands on that sought-after, private information.
There are several ways businesses can reduce the threat of a cyber-attack. One way is by becoming quantum resistant.