Published in The One Brief
In 2015, an accountant looking at the balance sheets of a US tech company noticed, to their dismay, a $39 million hole in their figures. They would have been even more dismayed to know where it had gone – a member of the financial team in an overseas subsidiary had transferred it directly to the thief. All the thief had to do was pretend they were a CEO.
It’s a kind of attack known as a CEO email attack, and just one of a broad range of hostile tactics known as social engineering attacks. These are attacks that exploit the natural weaknesses of human beings – our credulity, our naiveté, our propensity to help strangers, and sometimes, in the case of phishing attacks, just our greed – in order to get around security systems.
To put it in the language of 21st-century cyber security: social engineering operates on the idea that, just like any computer system, human beings can be hacked. In fact, a lot of the time they’re much easier to hack than computers. Understanding this fact, and the forms that social engineering can take, is essential to formulating a robust defense strategy. And these strategies are even more important now, as the lines between the physical and digital worlds continue to blur and the assets at risk continue to multiply, thanks to the proliferation of connected technologies.