SANS Institute - Methods for Understanding and Reducing Social Engineering Attacks
Social engineering is widely recognized by cyber criminals as one of the most effective methods of penetrating an organization’s infrastructure. Information security professionals are aware of this as a threat but to date have never seemed to focus their efforts on studying and understanding in depth how and why cyber criminals are using this as a weapon. Electronic means of penetration are far easier to focus on because they are straightforward in their techniques and thus their prevention. But hacking the “wetware” tends to be viewed as much more difficult to prevent due to the seemingly unlimited number of variables humans present. While prevention is all but impossible, more research and better methods of understanding how and why an organization’s representatives are easy targets would go a long way to reduce the success of these penetration efforts.