Deploying Disney: How Social Engineers Take Advantage of Childhood Lessons

Security consultant Chris Nickerson points out that social engineers (the kind you hire as consultants) aren't evil; in fact, they want to help you prevent people from stealing your secrets. But longtime teaching from "Uncle Walt" and his many animated characters may make it easier for attackers to get at your mind.

People tend to believe that social engineering (SE) is an exercise in "BS-ing," or a way to trick users, but it's actually a distinct science. The founders of this science developed social engineering techniques in order to help people through difficult situations and change their world. The responsibility of the professional social engineer is to expose the weaknesses inherent in current corporate cultures—not to show off by proving that we can break through a company's security. The purpose of social engineering is to connect companies to the reality that risk lies everywhere, and that the company must protect its business and users from the harms that we all face.

Think of social engineering as being like healthcare coverage. Everyone is susceptible to disease and sickness, so companies provide healthcare benefits to keep employees and the business safe from the risks of illness. (For the business, those risks include loss of productivity, profit, and personnel.) Likewise, companies need to conduct social engineering tests and gain an understanding of how susceptible their information assets are to ever-growing threats.

The Level of Risk Is Rising

During the hard economic times that the U.S. has experienced in 2008 (with the likelihood of rougher times ahead), newer and more creative threats have bombarded business. The security market as a whole is undergoing a huge uptick in risk due to current socioeconomic conditions. More people are "turning to the dark side" and finding profit in ways that they might once have considered taboo. It reminds me of what Les Stroud from the TV show Survivorman says: "Normally, I would never do this, but when it's your only chance for survival, you do whatever it takes." Much of the American public is in survival mode, as highlighted by the recent news of attacks, exposure of massive-scale information-theft networks (GhostNet), and even the ever-present Conficker worm. All of these events are indicators that more and more people are looking to information theft as a source of income.

This growing risk doesn't just come from increased monetary pressures or the sheer number of attackers peeking out of the woodwork—it also comes from the victims. Yep, that's right! And this is where social engineering comes into the picture.
