Some companies protect their computer systems with expensive technology, but they often overlook the employee who may be conned into unlocking private information and giving it away to anyone who asks for it.
Nathan LaFollette said the human element is often the weakest link and can be exploited by social engineering. He said hackers sometimes find it easier to trick an employee into revealing passwords than to find their own way through computer firewalls.
Experts at technology firms like Cisco report that hackers are constantly using social engineering techniques that take advantage of real employee names or partial passwords, or that use schemes to convince employees they’re involved in legitimate transactions.
“Social engineering is a huge threat for corporations, but they don’t spend a lot of money or training on it,” said LaFollette, founder and chief executive officer of Inet\Detect in Brunswick. “It’s a major problem that will continue to grow and it’s not something that you can just throw products at to remediate.”
In a recent survey of information technology professionals, more than 43 percent said they had been targeted by social engineering schemes in the past two years.
Sixty percent reported that new employees are the most susceptible to attacks, according to the survey of 853 IT professionals that was sponsored by security firm Check Point Software Technologies.
One of the most commonly applied social engineering techniques, referred to as phishing, involves sending an email message that appears to come from a legitimate source, such as a provider of financial information. Another, called pharming, is a hacker’s attempt to redirect a website’s traffic to another, bogus site.
Social engineering techniques often come into play after an employee willingly responds to a bogus request for confidential information from someone who might reasonably ask for it, such as someone in the IT department.