The process of people manipulation or processes in order to gain some benefit has been prevalent and goes beyond realms associated with information technologies. Recent developments however have shown that social engineering has become a major threat to cyber security with it being a route which can be used by an attacker to gain access and bypassing procedural security. Elements of a computer network can be upgraded frequently to enhance security however the people factor still remains to be a weak link which is exploitable (Bullée et al., 2015).
The social engineer can gain access by creating rapport with a vulnerable member of a company, organization or system with relevant access and persuade them that there is need for reciprocation for a good deed. This leads to a natural compulsion developing due to human traits being evident where the attacker can gain some information. They can coerce the targets by learning them, their patterns of living, interest and even dress codes which would make the subject comfortable and vulnerable. When the attacker makes their move it becomes easy for their questions to be answered from which they can view a loophole or use the subjects as an entry point into the system. Normally, the subjects are not usually aware of them being targets to the hackers since they usually have gained their trust (Schueller et al., 2013).
However, these attacks can be
mitigated through implementation of policies and procedures highlighting on
appropriate behavior and what to avoid to prevent such attacks. Staff need to
be made aware and enlightened on how social engineering can be used as a tool
to compromise a system and them being advised to stay alert. Social engineering
is taking many forms with it being a common vector which can be used in
bypassing technical and procedural controls of a system and can lead to even
bigger attacks. Therefore organizations need to be alert on the techniques to
be better protected (Shah et al., 2015).
Bullée, J. W. H., Montoya, L., Pieters, W., Junger, M., & Hartel, P. H. (2015). The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of experimental criminology, 11(1), 97-115.
Schueller, S. M., Muñoz, R. F., & Mohr, D. C. (2013). Realizing the potential of behavioral intervention technologies. Current Directions in Psychological Science, 22(6), 478-483.
Shah, D. V., Cappella, J. N., & Neuman, W. R. (2015). Big data, digital media, and computational social science: Possibilities and perils. The ANNALS of the American Academy of Political and Social Science, 659(1), 6-13.