Characteristics of a weak security chain
Industry experts and government regulators agree that institutions most at risk of succumbing to social engineering tactics tend to lack:
- Adequate policies and procedures pertaining to physical security;
- A security awareness program that allows for training of employees at all levels; or
- An established system of vendor and visitor tracking.
These three elements are dependent on each other to properly defend against the threat of social engineering schemes.
A deficiency in one area creates significant vulnerabilities in the others, allowing easy entry points for savvy criminals to exploit.
Of course, professional social engineers know this information, too. That’s why tactics like the “trusted vendor” scenario—which can exploit numerous vulnerabilities simultaneously—tend to be highly successful at organizations that have inadequate policies and procedures, limited security awareness training, and no formal system of tracking authorized vendors.