- Cyberattack vectors like phishing, spear phishing, baiting, and whaling have more in common than names that come from marine terms. The language is fishy, but all these cybercrime techniques exploit traits that are peculiarly human. They deploy social engineering—the manipulation of traits like curiosity, sympathy, or greed—to get people to share sensitive information, click on links that execute malware, and perform other actions that open the floodgates to cyber mayhem. That's why Peerlyst, the online platform for information security professionals, keeps its community members up to date on the proliferating and ever-changing nature of cyber threats—and how to protect against them.
In a post entitled “Why is Social Engineering a Significant Security Concern?”, Mark Cutting, senior vice president, information technology at EntrustPermal, lays the problem out clearly: “Security is often relaxed when you trust the person or company you are dealing with. But what happens if the entity you trust is not who they say they are? Social engineering is a psychological technique and attack vector used by cybercriminals to trick victims into providing sensitive data such as usernames, passwords, and other personally identifiable information. Whilst the methodology itself is not new, the use of social engineering has risen dramatically to become one of the most deployed attacks in an ever expanding arsenal available to a cybercriminal.” Cutting details both the methodologies and risks from a wide range of cyber threats, including whaling (aka CEO fraud), scareware, and pretexting.
To learn more about those social engineering dangers, as well as methods to guard against them, check out his full post on Peerlyst: https://www.peerlyst.com/posts/why-is-social-engineering-such-a-significant-security-concern-mark-cutting. About Peerlyst Peerlyst is the place where information security pros go to share knowledge and build their professional reputations. With an audience of more than half a million and more than 10,000 posts by security experts, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question, finding an expert, or offering product insight. For more information, email firstname.lastname@example.org or visit https://www.peerlyst.com.