Page 24 - Cyber Warnings
Using AES 256-bit instead of 128-bit encryption does not add any protection against a social
attack, and no one is immune. Oracle and Salesforce have a well-deserved reputation for the
security of their products, yet both have fallen prey to social engineering attacks. If the NSA
ever divulges how hackers obtained access to some of their most guarded tools, odds are it will
be the result of a social, not technical, attack.
It is possible to defend yourself against social engineering, but it requires educating your
workforce, testing to determine if the education has stuck, and following up on any weaknesses.
In brief, you must deal with those messy, frustrating, and infinitely fallible creatures known as
humans.
The results of such testing will not help upper management sleep easy at night. During the early
rounds, especially when conducted correctly, the results are likely to elicit cries of concern, not
least because upper managers are among the most likely to fail the tests. However, this is the
only path to real security because you cannot cure a problem until you acknowledge it. Of
course, even if you are successful in deflecting a simulated, or even real, attack, do not think
that your organization is invulnerable. When humans are involved, no one is immune from error,
and it just takes one careless employee to compromise security for the entire organization.
It is largely because of vulnerability to social engineering attacks that no cloud software
company offers a meaningful warranty against a data breach. They may train their own
employees carefully, test them rigorously, engage third-party security specialists to try to breach
their security, and pass every test. But they know that customer data is still vulnerable to the
customer’s employees, and dark-side hackers do not disclose how they got at the data; they just
sell it to the highest bidder(s).
If you’re interested in learning more about social engineering, Agiloft is offering a free, simplified
version of their social engineering test to organizations that want to improve their security. Click
to take the test
About The Author
Agiloft CEO and founder, Colin Earl, is a software industry veteran with over
25 years of experience as a developer, product manager, and CIO. Colin
worked at IBM, General Electric, and three start-ups before founding Agiloft
in 1991.
His vision was to accelerate the building and deployment of enterprise
business applications by removing the need for custom coding. He has an
engineering degree from Imperial College, “Britain's MIT,” and moved to
Silicon Valley in 1986.
24 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide