“Social Engineering bypasses all Technologies, including Firewalls” – KEVIN MITTNICK
Imagine your best employee passing around sensitive data to unauthorized personals, only because he is with the opinion that the details were of no importance to that person. However, your network is attacked out of the blues for your sensitive data that can be harmful to exposure, outside your organization.
A recent case that surfaced was with Toyota in 2019. Using persuasion, the attacker persuaded a finance executive to change the recipient’s bank account information in a wire transfer. Toyota Boshoku Corporation, an auto parts supplier, was the victim who lost USD 37 million.
What is On-Site Social Engineering?
On-site Social Engineering is not about charging your employees to not social-media or mobile phones in office. It is about examining current security practices, making improvements & motivating the employees to understand & accept the risks involved if the practices are not followed religiously.
First, the entire security apparatus is observed:
- Security personnel procedures & protocols in place.
- Electronic security equipment e.g. Locks & Key Cards.
- Details handover procedures during Shift roll-overs.
- Employees’ awareness of the organization’s security policies.
The further action plan is chalked-out on the basis of the above parameters & necessary changes/ updates are made, including awareness workshops to get the employees accustomed to the in-detail procedures & understand their pivotal role in the organization’s security.
What is the supposed Outcome of the above Activities?
A major chunk of the workforce is genuinely interested in working at a secure workplace environment to defend their organization’s business & opportunities. However, people tend to be overly trusting others, in or outside organization, to avoid being called off as an overly conscious. With that issue addressed, what we bring to the table is an action-plan & training for employees to be more security conscious in a better socially acceptable manner.