Gilded Pendulum

As the information technology and interactive media landscape is forever evolving, the demand for high-impact solutions rises to new levels as we strive to achieve lasting impressions with superlative form and function. With every new client engagement exists an opportunity to explore new challenges and creative potential. We look forward to streamlining today's electronic information in a high-speed, real-time world. Yours.

So what if your network is secure...

Did you know that generally hackers only use their computers for malicious purposes about 40% of the time? The other 60% of the time they're procuring your customers' personal information through a very intricate process known as social engineering. That's not a term that many businesses that store critical information are typically aware of. The basic consensus is that if they keep their network safe, plug all the holes, and use top-of-the-line equipment, their worries are over. Nope! You're only halfway done, actually.

Lesson 1

Have you ever attended a DEF CON or Black Hat convention before? I have. On the show floor you'll be privy to the most aggressive network on the planet. For those going in unaware and who leave their smartphone's Wi-Fi enabled, you will be made an example of. Your name and information will appear on a large screen for all to see because you didn't take precautions or research where it was you were actually going. You'll see a myriad of spectacles, from hackers showing how insecure your home router is to actually participating in social engineering experiments over a loudspeaker, live.

You see, social engineering is the art of cleverly extracting information from those trained to help, usually in the form of customers and fellow co-workers. A black hat type hacker (or white hat penetration tester) will use social networks like LinkedIn, Facebook, etc. to find out who the particular employees are at the company they're trying to get information from. LinkedIn is a great resource to see who works at that company and what their job title is. Facebook is a great resource to see when those people might be on vacation or out of the office. That's oftentimes when the calls will start coming in from people claiming to be working at home that day (or the like) and that they need access to the network but don't have a remote login. Untrained employees who are used to merely assisting fellow co-workers tend to fall for these types of schemes, giving that hacker everything they need to easily gain access to network resources and information, since the gatekeepers who would typically verify the information are out of the office. Again, this is typically 60% of the "hacking" process in a lot of cases. Systems have gotten better at being more secure, and oftentimes this is the method that takes up the slack in those situations.

So it's pretty incredible how capable cyber criminal elements are at gaining access to inaccessible systems, isn't it? The example above is just something that can happen over the phone. Sometimes an adept social engineer will actually gain access to your property, oftentimes disguised as a particular type of repair technician, pizza delivery guy, engineer, you name it. These people are extremely gifted at what they do; if the piece of information isn't available through the internet, they'll already be on the guest list for the day. Now you'll have feet on the ground, corporate espionage at its finest. This can happen at any time, and companies that are heavy in R&D or have access to critical information, like pharma, shipping firms, financial institutions, etc., should definitely take warning. Much of their most critical information is stored on secure parts of their internal infrastructure, and this is one way that information will be stolen or compromised.

Do not think simply because you have the best hardware protecting your software that you are in any way immune to having your data compromised. You are not. Sometimes your own employees will give a criminal the keys to the castle without even realizing it. In these types of settings, employees need to be trained on how these people operate, the types of questions they'll ask, and the type of information they may have already stolen in order to know what they know. 

Gilded Pendulum can help you with securing your network all the way to military grade encryption and 24 hour monitoring. However, you as the business owner or CIO will have to make sure your staff is highly trained to defend themselves and your livelihood against the social engineers. They're out there, and they get paid a LOT of money to do what they do so well. Take notice and always be prepared. You can contact us at any time to be pointed in the right direction on how to begin the process.

 

-Dominic

The Gilded mainframe became self-aware on 11.11.13 at 10:56pm EST.