Wikipedia defines social engineering, in the context of information security, as the “psychological manipulation of people into performing actions or divulging confidential information.” Our increasing reliance on vast networks of digital technology for information storage, research, controls, and transactions makes organizations highly vulnerable to social engineering fraud.
There is a strong urge to combat this risk with a technological fix like stronger encryption or better management controls. But the problem is not a technical one, because social engineering fraud is based on the exploitation of human interactions and human frailties.
There was a time, not long ago, when the term social engineering meant the manipulation of behavior and various outcomes through public policy. It referred to political issues.
The digital revolution has led to a new meaning for the term, and it’s one you should know about: “social engineering” is a threat to data system security based on “the art of influencing people to disclose information and to get them to act inappropriately.”
In other words, it’s a con job to get people to reveal things about their passwords and related digital assets to help thieves gain access to a system or database.
The important point about social engineering is that it is another human risk factor that you need to address in your risk management plan. Your efforts to harden the computer systems in your organization against technical intrusion will be pointless if the people who have access to them are vulnerable to social engineering attacks.