Building the Culture to Support a Social Engineering Awareness Program

Social Engineering Awareness Program

Joe Gray

Sword & Shield Enterprise Security Consultant Joe Gray pens the first of a five-part series on building a social engineering awareness program for CISOcast, an online resource that publishes peer-reviewed content to help information security leaders meet the challenges of real-world problems.

Today, companies are investing more than ever before in protecting their IT infrastructure. In response, attackers and, in turn, penetration testers are using a different vector to gain access to enterprises: the human element. Humans can be exploited using a variety of methods collectively known as social engineering. This broad category includes phishing, spear phishing, whaling, vishing, smishing, pretexting, dumpster diving, and tailgating.

Social engineering hinges upon Dr. Cialdini's Six Principles of Persuasion:

  1. Authority
  2. Reciprocity
  3. Commitment and Consistency
  4. Social Proof
  5. Likability
  6. Urgency/Scarcity

The attackers use these persuasion methods to achieve their goals.

Read the rest of the article by visiting CISOcast.
