Although this may have been the case in the past, the increase in cyber-crime means that hackers now target all sectors of the community, from corporations to individuals.
Criminals may steal directly from a company, diverting funds or resources, but they may also use the company as a staging point through which they can perpetrate crimes against others.
The broad nature of these potential threats necessitates providing information about threats and potential defenses to a range of management and technical staff within a company, including:
To attack your organization, social engineering hackers exploit the credulity, laziness, good manners, or even enthusiasm of your staff.
Therefore it is difficult to defend against a socially engineered attack, because the targets may not realize that they have been duped, or may prefer not to admit it to other people.
The goals of a social engineering hacker—someone who tries to gain unauthorized access to your computer systems—are similar to those of any other hacker: they want your company’s money, information, or IT resources.
A social engineering hacker attempts to persuade your staff to provide information that will enable him or her to use your systems or system resources. Many midsize and small companies believe that hacker attacks are a problem for large corporations or organizations that offer large financial rewards.
With this knowledge, you can augment your security policy to include social engineering defenses.
This paper assumes that you have a security policy that sets out the goals, practices, and procedures that the company recognizes as necessary to protect its informational assets, resources, and staff against technological or physical attack.
The changes to your security policy will help to provide staff with guidance on how to react when faced with a person or a computer application that tries to coerce or persuade them to expose business resources or disclose security information.
Introduction; Social Engineering Threats and Defenses; Designing Defenses Against Social Engineering Threats; Implementing Defenses Against Social Engineering Threats; Appendix 1: Security Policy for Social Engineering Threat Checklists; Appendix 2: Glossary
Welcome to this document from the Midsize Business Security Guidance collection. Microsoft hopes that the following information will help you create a more secure and productive computing environment.
This paper provides security management information about the threats posed by social engineering and the defenses that are available to help resist social engineering hackers.
Social engineering describes primarily non-technical threats to company security.