Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Why Hack When You Can Con?

    Stu Sjouwerman | Oct 14, 2019

     

    iStock-155379357

    Social engineering is all about isolating one individual from the corporate herd

    Most people would be shocked at how easily anyone might physically infiltrate an organization and gain access to sensitive data. In most cases, social engineering is a much more efficient choice than trying to hack into a company’s computer systems. The magazine Computing reports on a presentation by an ethical hacker at DTEXPO which illustrates this.

    The hacker recounted a job in which he was tasked with breaking into a restricted site (with permission) and gaining enough access that he would have been able to blow up a vat of chemicals. He dressed the part by donning a high-visibility jacket and acted like he knew what he was talking about, which successfully tricked the employees into thinking he was supposed to be there. He then made friends with an employee in the smoking area outside the restricted site, and tagged along when the employee went back inside. This granted him all the access he needed.

    The hacker emphasized that tricking humans can be very easy, and you don’t really need any technical expertise to do it. If you have some social engineering talent, you can cause just as much damage as a sophisticated computer hack.

    “This is not a James Bond industry. This is not a super-skilled role where only the most technically capable can infiltrate a company,” the hacker said. “Sometimes, it just takes a bit of effort to infiltrate. I genuinely don’t feel like I can rob a bank, even though I’ve been in three scenarios in my job with banks. I know I could never hack a bank, but I know that if we narrowed down the actual people, we can hack the people once they've been segregated from the business. It's about separating the weak away from the pack.”

    The threat isn’t insurmountable, however. The hacker stressed that if employees are prepared, they can identify and stop these attacks.

    “It’s just a person, and we can defend against this person if we all work together,” he said.

    New-school security awareness training can build a culture of security within your organization so your employees can cooperate with each other to defend against social engineering attacks.

    Computing has the story: https://www.computing.co.uk/ctg/news/3082485/ethical-hacker-social-engineering

    Topics: Social Engineering Phishing Security Awareness Training Hacking

    Stop Being a Target for Social Media Exploits

    Social media is the new frontier for targeted spear phishing and credential theft. Use our Free Social Media Phishing Test to identify which users are likely to click malicious links or leak data on platforms like LinkedIn and X, and get your results in just 24 hours.

    Get Your Free Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All