Social engineering is the art of manipulating people into taking actions that breach the best technology-based organizational
defenses.
This dark art has been practiced by the bad guys since the beginning of history and new examples crop up on a daily basis.
But leading security practices are available to close this vulnerability by modifying employee behavior.
The story of a break-in
We were in the lobby of a large manufacturing company, standing just a few yards away from the desk of a very curious security guard.
I was intently focused on my laptop screen, pretending to be typing in the coordinates that my coworker was “reading” to me from her “detection device” and saying in a voice just loud enough for the guard to think he was eavesdropping on us, “It’s got to be coming from in there.
That’s what the analyzer is saying. There’s a rogue access point and it’s in there! We’ve got to get to it before it’s too late!” I was feigning borderline hysteria, and pointing like a crazy person at the locked door to the HR department.
“Who ARE you people?” The guard asked. His curiosity finally got the best of him.