Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
As part of National Cybersecurity Awareness Month, the National Cybersecurity Institute has planned a list of activities to promote the public’s knowledge of the subject. One of these activities is a weekly case study that gives interested parties an in-depth look at some of today’s major cybersecurity issues. The first of these case studies is entitled “Social Engineering and Insider Threat.” Before you explore the study, let’s get a brief overview of the subjects.
Commonly referred to as the non-technical method of hacking, social engineering is a method of data intrusion that relies on human interaction. In a social engineering attack, bad actors prey upon people’s natural proclivity for trust. Hackers may present themselves as a friend or familiar acquaintance in order to trick people into giving them typically confidential information or access to personal accounts. There are two common classifications of social engineering:
Internal: In this type of attack, someone from inside the business has found a vulnerability and decided to take advantage. He or she may use access to email lists and employee addresses to send an email urging users to act on a call to action that contains malicious software.
External: In this type of attack, an outside source, perhaps a competitor or criminal hacker, wants to gain access to your data and employs tactics similar to those of the internal threat, using information gathered from a public site.
Insider threats also fall into two classifications:
Intentional: This occurs when anyone who has or has had access to a company’s network uses this access for malicious purposes. This can mean that the confidentiality of records was compromised, data was stolen or financial damage was done.
Unintentional: Like the intentional insider threat, this type of cyberthreat is the fault of a company’s employee. However, unintentional insider threats are unplanned. The individuals involved were usually socially engineered into allowing a bad actor to have access to the network.
Social engineering and insider threats are two of the most relevant subjects in cybersecurity today. Hopefully, now that you have read this brief overview, you can explore the National Cybersecurity Institute’s case study with a better understanding of the topics.
To learn more about social engineering, insider threats and cybersecurity in general, you can visit NCI’s website today and peruse the blogs.