Page 35 - Cyber Warnings
Phishermen
How Insider Threats are Realized
by Daniel Jetton, VP Cyber Services, OBXtek, Inc.
While technical security problems can be dealt with through technical solutions, people must be
approached in a different manner. The insider threat is one of the greatest liabilities in
cybersecurity today due to the unpredictability of humans and their interactions with computers
and networks. Humans account for over 90% of security incidents, and these incidents and
breaches originate from computers, user mistakes, infections, resentment, fraud and
carelessness.
A popular way to manipulate people from outside an organization is to turn them into an
insider threat using social engineering. Social engineering (SE), considered mostly an art but
involving some science, demonstrates how people can be manipulated using a minimal amount
of information. A confidence game based on human nature, social engineering pits human
nature against security. Social engineering is arguably the costliest cyber-security issue today,
but it is also the most preventable. Untold millions of dollars are lost every year due to social
engineering, with $3.7 million a year being spent on phishing alone for the average
10,000-person company.
Social engineering (SE) is defined as the deliberate application of deceitful techniques designed
to manipulate someone into divulging information or performing actions that may result in the
release of that information. During the engagement, victims are not aware they are being
manipulated or that their actions may cause harm to themselves or their organization. By way
of subterfuge, social engineers (SEs) convince victims to act against their best interests or
against the interest of their organization. Unlike bribery or threats, a victim’s motivation is based
on trust and not necessarily reward or violence.
History
SE has been around for millennia. The Trojan Horse of Greek mythology, wheeled through the
secure gates of Troy, was an SE (trust) ploy. In 1849, Samuel Williams, the original “confidence
man” as he was known, conned the naïve into giving him their valuables by simply asking
people to trust him with their jewelry until the next day.
In the early 20th century, Benito Mussolini was swindled out of $2 million for phony rights
to Colorado mining lands. Then in the 1960s, Frank Abagnale made a living using fake
personas while kiting checks. It wasn’t until hacker Kevin Mitnick arrived on the scene in the
1990s that the term “social engineering” entered the popular lexicon. Mitnick used the
telephone as a tool to glean inside information needed to penetrate a network.
35 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide