Or maybe the home office, where the perception might exist that the greatest threat to network and data security is a rogue Russian hacker or a disenfranchised neckbeard living in his mother’s basement. But that perception is just the tip of the iceberg, and too many organizations spend too much time rearranging the deck chairs on the Titanic.
If you want to see the problem more clearly, take a look around the office, from Agnes in Accounting to Stan the Man in Sales. From Reggie in Receiving to Ruth in Reception. The people on your staff are wonderful, devoted, and talented members of your team. They are also the biggest threat to your security.
Engineered to be Social
Human cognitive biases affect decision-making in ways that are readily exploited. The first lever is called tailgating, which works because it is tough to be impolite when someone confidently asserts their position or request with a sense of purpose. We are engineered to be social. The second is pretexting, the creation of a scenario that seems real to the victim, almost a face-to-face phishing scam. These are just a couple of the levers of social engineering.
The Meek Shall Inherit the Wrath
Constant vigilance is required to protect your operation from social engineering. You must always be assessing, developing, and educating. ICS can perform a vulnerability assessment to evaluate your existing procedures and exposures, followed by penetration testing to identify weak points of entry to your data. These two steps are only as good as the third: the ongoing and dynamic education of your staff on how to anticipate and handle social engineering threats. This should include periodic testing of your security framework.
Social engineering is a quiet killer that preys on the ill-prepared and the congenial. Let ICS help your staff meet the threat with a confident smile and a no-can-do attitude, so that they are empowered to protect your network from the bad guys while using your data to find more good guys.