The thing is with Social Engineering we all experience it on a regular basis in one shape or form and we do not even know its happening to us, luckily the vast majority don't pose a security risk.
When was the last time you spoke to a recruitment company? The consultants use a form of Social Engineering to 'tease out' information about you, the organisation you work for (or previously worked for) and also some information about your colleagues. This information is not only used by them to help you but its also utilised by them to make more contacts, to get a better understanding of what the job market is doing and to ultimately make more money (and why not).
Personnel Security is now a very important part of any organisations security strategy. The potential risks from an 'insider threat' are reducing (with the appropriate processes in place), but attackers no longer need to gain legitimate employment they can gain the trust of the unsuspecting staff (normally at a junior level) to provide the sensitive information they require to penetrate your organisation (physically or electronically).
When was the last time you spoke to a recruitment company? The consultants use a form of Social Engineering to 'tease out' information about you, the organisation you work for (or previously worked for) and also some information about your colleagues. This information is not only used by them to help you but its also utilised by them to make more contacts, to get a better understanding of what the job market is doing and to ultimately make more money (and why not).
Personnel Security is now a very important part of any organisations security strategy. The potential risks from an 'insider threat' are reducing (with the appropriate processes in place), but attackers no longer need to gain legitimate employment they can gain the trust of the unsuspecting staff (normally at a junior level) to provide the sensitive information they require to penetrate your organisation (physically or electronically).
What I'm trying to say is be cautious who you are talking to, why are they asking so many questions, why are they stroking your ego and of course be careful what information you put into the public domain about you and your organisation (including the Internet).
No comments:
Post a Comment
Thank you for your comments.
Team Chatback