Criminal hacking is no longer a purely technical activity. As awareness of technical security issues and their countermeasures has improved, attackers are increasingly employing other methods to circumvent security controls – such as exploiting unsuspecting users via social engineering.
The approach of purchasing individual “silver bullet” solutions like firewalls and IDS must be replaced by a holistic view of security that embraces technology, physical controls and people too. For no matter how effective network security controls may be, if an organisation falls victim to a well-executed social engineering attack, key business information assets will be at risk.
The problem is that staff awareness of social engineering tends to be weak, leaving most organisations open to abuse both remotely and in person. But how security-aware are your staff? How do you test your “human firewall”?