Social engineering encompasses a range of malicious activities accomplished through human interactions. Social engineers manipulate or trick users into making security mistakes and/or revealing sensitive information. It’s a technique that has allowed hackers to infiltrate the systems and compromise the data of many public and private institutions.
The latest such victim is Uber. According to initial reports, an 18-year-old social engineer was able to effect a total compromise of Uber’s systems. As described to The New York Times, the teenager said he broke into the company’s systems for his own entertainment . . . and to demonstrate how ineffective Uber’s security is. Yes, that’s right. A bored teen armed with a computer disabled the systems of a publicly traded company with a market capitalization of over $60 billion.
An exception, you say? Not really. Consider LastPass, an online password manager that, by its very nature, is focused on protecting data. On August 25th, LastPass notified its users about a security incident involving an unauthorized party using a compromised developer account to access parts of its source code and some proprietary LastPass technical information. How was the developer account compromised? Through social engineering.
These are just two of many such examples. Hackers are getting more sophisticated. Heard that before? Well, believe it. The dark web gives social engineers and others access to more hacking tools than ever. These criminals prey on the limited cyber awareness of businesses and/or their employees. Phishing is a popular way of doing so. This hacking tool has been around for decades, but cyber ne’er-do-wells are now able to create fake websites and emails that are nearly indistinguishable from legitimate ones. One click or one user login is enough to jeopardize even a well-protected network.
Hiring cyber security experts and training staff are obvious countermeasures. So is ethical or white-hat hacking; that is, hiring someone to (attempt to) break into an app or system. Apple famously issued an ethical hacking challenge a few years ago in order to test the security of its iPhone. Even so, this particular security tool is underutilized.
Why aren’t more companies using ethical hackers to test their systems? Social engineers know the answer. So did Ralph Waldo Emerson over 150 years ago when he wrote, “In spite of warnings, change rarely occurs until the status quo becomes more painful than change.” Managers react rather than anticipate. Cyber threats and system vulnerabilities are discounted until a problem occurs.
I should know. I was content with the performance of the anti-virus program I had used for years. Why change? It had kept my computer free from viruses and malware. My personal information was safe. Until it wasn’t.
Peter has spent the past twenty-plus years as an acting/consulting CFO for a number of small businesses in a wide range of industries. Peter’s prior experience is that of a serial entrepreneur, managing various start-up and turnaround projects. He is a co-founder of Keurig.