cmdLabs is headquartered in Baltimore, MD and provides digital forensics, incident response and related training both domestically and abroad. Our customers include law enforcement, Fortune 500 companies, government agencies, law firms and institutions of higher education.
In the following interview, Michael R. Kobett, Senior Technical Trainer at cmdLabs, discusses one-on-one with Info Security PG, Editor-in-Chief of Info Security Products Guide, how prevalent social engineering attacks are and what can be done to combat them.
Info Security PG: How would you define social engineering? How prevalent are social engineering attacks? Do you think the number of attacks will increase, and why?
Michael Kobett: Social Engineering can be defined as skillful deception; it’s a form of attack which focuses on people, not technology. Therefore, the attacker doesn’t necessarily need a great deal of experience in IT security; he or she needs to be able to conduct research and manipulate people.
Social Engineering attacks are very prevalent today; however, it’s difficult to generate statistics on exactly how widespread they are. This is because when an attack is executed correctly, the victim is unaware that they’ve been taken advantage of. In addition, these attacks are difficult to investigate because we are dealing with human and not hardware interaction. If an attacker bypasses an organization’s physical security via a technique such as “piggybacking”, there will most likely be evidence of that security breach in the form of video surveillance data. However, there are no logs or security reports to review if an attacker scours the Internet searching for information related to the victim organization such as: employee names, phone numbers or the networking equipment that is used.
I strongly believe that social engineering attacks will continue to increase due to how society is embracing the Internet. Twenty years ago it was not assumed that everyone had an email address or even a home computer. Now, because of advancements in technology and social networking, the number of people who are online and constantly interacting with others has increased dramatically. Simply put, as the opportunities for communication increase, so do the opportunities for social engineering attacks.