The key to counteracting social engineering is awareness since social engineers are targeting our lack of cognition, our ignorance, and our fundamental biases. In a cybersecurity context, it’s not as easy to mitigate social engineering as it is to mitigate software and hardware threats. On the software side, we can purchase intrusion detection systems, firewalls, antivirus programs, and other solutions to maintain perimeter security. Attackers will certainly break through at one point or another, but strong cybersecurity products and techniques are readily available. When it comes to social engineering, we can’t just attach a software program to ourselves or our employees to remain secure.
Whistling Past the Cyber Graveyard
It seems not a day passes without a new cybersecurity incident being reported. Whether it is the breach of email accounts at Yahoo, the networks at the Democratic National Committee (DNC) or John Podesta’s digital recipe box, the revelations draw the attention of a wide variety of news organizations, and each story seems to approach a level of critical mass until a new story emerges. These incidents are all different in scope, and their targets are in the crosshairs of both criminals and hostile intelligence organizations - for motives that vary from political, to monetary, to just plain mischief. No matter the intent of the cybercriminal, the government’s response ought to prevent escalation along the cybercrime continuum. What Americans have seen to this point is network access and data exfiltration – or more simply said: breaking, entering, and theft.