Social engineering doesn't just happen online and relies heavily on trust and human error. Both give an advantage to cyber criminals when planning an attack which does not target a specific individual but is rather opportunistic in the hope of finding a 'weak link' in the wider organization.
A Day at the Cyber Security Conference
Firstly, we heard from the director of The South West Cyber Resilience Centre, a not-for-profit police-supported organization covering business protection, cyber skills and cyber innovation. Their aim is to educate and help regional businesses and charities stay safe and protected from cyber crimes. SWCRC is a part of national clusters of cyber resilience centers.
The founder of AntiSocial Engineer delivered a talk on social engineering and how cyber attacks are carried out online and offline. The AntiSocial Engineer team helps individuals and businesses to stay cyber aware and reduce the impact of social engineering. They offer a range of educational and practical services including simulations of cyber attacks. We were impressed by the efforts and lengths to which they test the physical security of companies by implementing social engineering scenarios, such as entering a building wearing a fake branded T-shirt or tailgating.
SWRCCU shared with the audience a case study investigation involving cyber criminals and their victims. We learned how law enforcement investigates and responds to cyber incident reports, and how vital it is to act fast and work together to spot and prevent cyber crimes.
In the afternoon we took part in an interactive group activity and managed to escape the Police Cyber Escape Room, courtesy of SWRCCU workshops. This immersive session was designed to make us aware of how easily data and information can be found online, resulting in identity thefts or cyber attacks. Our task was to collaboratively review available resources and break into electronic or physical devices by cracking passwords and credentials based on the information we found. What a fun and eye-opening activity!
Social Engineering: A Threat to All Organizations
Social engineering doesn't just happen online and relies heavily on trust and human error. Both give an advantage to cyber criminals when planning an attack which does not target a specific individual but is rather opportunistic in the hope of finding a 'weak link' in the wider organization. That weak link is not always unpatched software or vulnerable code, but simply one click of a button opening a malicious website or holding the door open for someone entering a building. From front line staff to CEOs, all levels of seniority in a business should be regularly educated on the ways to detect, prevent, and report any malicious activities.
When it comes to cyber security being proactive is better than being reactive. With so many resources available, make sure to educate yourself and those around you about possible cyber risks and ways to eliminate them.
