Penetration Testing and Network Defense
Certain types of companies are more susceptible to these types of attacks than others. They include the following:
The best defense against social engineering tricks is training. Train employees in social engineering tactics and send regular notices of scams. Offer additional training for receptionists, help desk staff, and customer service representatives because they are more likely to be victims of social engineering attacks.

Teach these staff members to verify the identity of callers by asking the caller questions. Unless the social engineer is exceptionally good, after enough questions, he will hang up. In effect, staff should perform social engineering of their own kind, seeking to discover the identity of a person suspected of being a social engineer. This will either result in catching social engineers or cause them to stop trying.

To prevent dumpster divers from discovering sensitive information, establish policies on how information and archives are to be disposed of. Usually this is through shredders or incinerators.

Note: Undoubtedly, the most famous social engineer is Kevin Mitnick. He wrote a book with coauthor William Simon titled The Art of Deception: Controlling the Human Element of Security. It is an excellent resource if you are looking for additional information or examples on social engineering.