HFC - Social Engineering (Lesson)
Social Engineering
Human Factor
This lesson addresses the “Human Factor” in cybersecurity. It is a sobering fact that most data breaches involve some measure of the human factor, either mistakes or malicious actions. In this lesson we will examine how simple human characteristics make us vulnerable to social engineering techniques. Social engineering is defined as threats against the human factors in the technology environment.
Threats against the human factor… What does this mean? It almost sounds like someone is threatening the humans in your organization. Are they going to attack a person? Will there be knives, punches, or blood? By “threat,” cybersecurity professionals mean that social engineering manipulates the humans in an organization into taking actions that end up hurting the organization. This is what social engineering is about.
The goal of social engineering cyber actors is to get someone to give them information they are NOT supposed to have, or to let them into an area that they are NOT supposed to be in. For example, they may try to persuade an authorized user to provide information or access to an unauthorized person.
How do cyber actors do this? By using a CON or SCAM, such as tricking gullible people into believing that it is all okay! The methods of social engineering are deception and trickery.
Why is social engineering so successful?
- Because humans want to be helpful
- Because humans want to avoid confrontation
- Because humans often make sloppy mistakes
The sad news is that social engineering is highly successful. This means that hackers do not have to be great at coding or technology, because they can get access just by preying on human errors. Most users know they are not using best practices, but they are just being careless, thoughtless, or impatient. In cybersecurity and information technology this is known as being a “stupid user,” and it is very frustrating to deal with!
Social Engineering Techniques Self-Assessment
Protect Yourself Presentation
General Tips:
- Educate yourself and others about these tactics and stay updated on new methods being used by attackers.
- Use strong, unique passwords and change them regularly.
- Install and update antivirus software and firewalls.
- Backup important data regularly.
- Report any suspicious activity to the appropriate authorities or your organization's security team.
By being vigilant and informed, you can significantly reduce the risk of falling victim to social engineering attacks.
Reflection and Wrap-up
In this lesson you have learned how human qualities make us vulnerable to social engineering scam artists, as well as techniques we can use to protect ourselves from being conned and scammed.
CC BY-NC-SA 4.0 UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION - INTENDED ONLY FOR USE WITHIN LESSON.