Oh dear, don’t you just hate it? April 1st is almost upon us, which gives individuals, businesses and the media carte blanche to do their best to trick us into thinking something is true when it isn’t. There is a long list of ‘famous’ April Fools, from spaghetti growing on trees through to the introduction of ‘smellyvision’. In the past these could be seen as harmless jokes, but what if there was a more sinister motive behind a 21st century April Fool involving cyber security and its heinous sidekick, social engineering?
Cyber security has long been considered a predominantly technical issue. There are vulnerabilities in technology that are taken advantage of by a range of actors, and then the technology catches up through implementation of good practice, the application of patches and the mitigation of viruses, and then the circle begins again. The human factor is now as important as, if not more important than, any technical aspect of cyber security. This point has not been lost on cyber criminals, who are now using all the social engineering tools they have to find ways to separate individuals from valuable digital information.
Social engineering has been around for a long time. April Fools are a form of social engineering, as are political propaganda, advertising, magic tricks, gambling and confidence tricksters; even old-fashioned bar hustles are all drawn from the same emotional kit bag. In cyber security terms, social engineering is defined as a non-technical method of intrusion used by hackers that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
Have you ever been caught out by social engineering? Not necessarily in the cyber world, but in real life? Have you been hustled by street vendors in a foreign land where they convince you that you can’t lose in a game of chance? A deal that is just too good to be true? If that resonates, then when you introduce technology you have a potent combination for cyber crime. There are so many social engineering scams doing the rounds at the moment, but they all appear to prey on one key aspect – they are personal.
We all buy online and we all get deliveries to home, especially around certain times of the year. So when you get an email from a courier regarding a delivery, you automatically think that it must be valid. If there is anything that appears wrong, then question it! Look at the email address that it has been sent from. Does that look valid? Maybe ring the courier concerned and talk to them. Whatever you do, don’t respond. What about all those emails you get with offers tailored just for you, based on what you may have shared on social media – yep, that’s social engineering at work. Some of these emails can be so well crafted that they will easily get through spam filters and into your inbox, and I can promise you that many of the cyber security experts I speak with have been very close to being caught out themselves on more occasions than they like to admit.
These scams prey on the flaws in the human condition. We sometimes do not trust our own judgement, especially if there is time pressure, or if the information that we are presented with touches a particular nerve. A healthy dose of scepticism can be a useful ally in the fight against the cyber-armed social engineers.
Social engineering is a serious threat to businesses. It could be argued that it always has been, but its increasing effectiveness through its use of technology requires addressing. In order to do this, companies are well advised to pull in specialist training organisations and social engineering experts. I recently saw a presentation by one such specialist, Jenny Radcliffe, and was taken aback at the effectiveness of social engineering techniques and the damage they can do to organisations. Nobody likes to be hustled, to be conned, to be made a fool of and tricked, so don’t let it happen. Openly talk about social engineering within your cyber security strategy and develop a plan to address it by providing the necessary awareness training to all. Technology will only protect you so far.
Having said that, if you do want to develop your own little social engineering April Fools’ Day hustle with a cyber security angle, then pop along to Amazon and search on ‘cyber clean’. This will present you with an array of cleaning products for high tech equipment. The cyber clean cleaning compound can be pressed into keyboards, vents and other dirt-collecting crevices of your technology. Leave a tub of this on your boss’s desk with a note saying, “This is our new cyber security strategy. We should provide a tub of this to each employee” and see what their response is. Then send them a link to the tune “The Hustle” by Van McCoy & The Soul City Symphony. Let’s hope they get the joke!