Wednesday, June 28, 2006

Social Engineering

A recently published article, "Social Engineering, The USB way", shows again how critical the human element is in any data security environment. Social engineering, as practised by Kevin Mitnick, refers to the technique of tricking or persuading users into giving access to sensitive resources, usually by providing passwords and login details to hackers who pose as company IT support on the phone. There are methods to mitigate the risk of social engineering, such as providing employees with rolling code devices like those provided by RSA, which go some way towards removing a user's ability to effectively 'delegate' their access to an unauthorised party. However, such methods are expensive, can require software redevelopment and may be resisted by users. The best security system in the world is worthless if you give away the key, but until business owners and users truly understand and appreciate the importance of IT security and their role in it, social engineering will remain a serious threat.
