Social Engineering
On a recent visit to a start-up company whose security model is not yet mature enough to defend against attacks, I challenged them that I could reset the password of an employee, and I believe not many technical tools/skills are used to perform this attack.
The start-up has around 40-50 associates, a bunch of mind-blowingly energetic youth who are ready to conquer challenges and give their best to achieve the impossible. I met a few of those associates in the common cafeteria and posed as a marketing UX designer from another company on the same floor who needed a review of upcoming designs. With a fancy MacBook, I involved them in the review, taking each of their inputs and refining the design.
Over the conversation I was able to get their names, color preferences, favourite food, childhood hero and a few other personal preferences which only they are aware of. The last part, getting the naming format of logins/IDs, went smoothly when I started criticizing how our on-prem infra is still connected to a wired network and I can't check my mail on my mobile phone. With the data accumulated and the kind of publicly available network for their company, I demonstrated to their CEO how I can change the password of associates even with the secondary check of security questions. Being startled by the kind of data leak that happened via social engineering made him think about the sensitivity of security and how it can be attacked by all means, no matter whether the organization has 50 employees or 50000 employees.
Two takeaways came from this exercise: user awareness is the key factor and the weakest link of the entire security ecosystem, and it is important to have MFA implemented no matter the size of the organization, as long as we are dealing with data.
With the borderless workforce we are dealing with now after the pandemic, user awareness is the most important aspect: users should exercise enough judgement when sharing data in public places and protect our assets from social engineering attacks.
PC: dreamstime/photos