Social engineering trumps a zero-day every time

Bruce Hughes AVG Technologies

Hackers know the weakest part of any business is almost always the human sitting behind the keyboard.

Stats show that our users are four times more likely to come into contact with social engineering tactics as opposed to a site serving up an exploit.

February stats:

  • Top social engineering detection: 1,985,377 blocks
  • Top exploit detection: 415,697 blocks

Most people are worried about dangerous exploits sneaking into their computer systems through zero-day exploits but will joyfully click on links found in search engine results, email or social networking sites. The tactic of exploiting the 'human aspect' of computer use is known as social engineering and is widely recognised as one of the most effective techniques used by cybercriminals. It's also much easier - the only thing involved is tricking somone.

Social engineering isn't going anywhere. It has been here since the start, and as long as there are humans to trick, it's here to stay. The bad guys are making a lot of money also, just look at these examples from the news:

  • N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss
  • Online Robbery: Hackers Steal $50,000. Bank Says 'Tough Luck'
  • Computer virus steals $325K from district
  • Computer hacker steals $479,000 from Cumberland County Redevelopment Authority
  • IT Firm Loses $100,000 to Online Bank Fraud

In this paper we will look at many examples of social engineering that are being used today and the reported damage they have caused. We will look at the technologies that corporations are using to stop social engineering attacks. Finally, we will look at home we can educate users and some of the campaigns being used by public organizations.

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png