Social Engineering – the Exploit that Predates Computers
At Cisco we understand that the field of IT has grown considerably over the past few years, reaching the point where even professionals in the industry can have a hard time keeping up with everything that is happening in all areas. With groups like Anonymous and LulzSec taking down some pretty big names, it is clear that there is need for greater awareness of security and some of the issues that make security an interesting but ongoing challenge.
We have recruited Scott Olechowski and Patrick Peterson (read about Peterson’s epic battle against spam in Forbes) to make a series of videos, each of which will present a single issue in a bite-sized nugget that will hopefully be both informative and interesting. We have written and filmed these videos such that a fairly wide audience, from IT generalists to clueful laypersons, would likely understand and get something from them. We realize that communicating with users about security, or just about any IT-related issue, for that matter, can be challenging at best. We hope that these videos will be shared with users and help communicate the importance of security.
The first video in the series takes its title from a phrase coined by famed hacker Kevin Mitnick (@kevinmitnick, a man who has what must be the coolest business card in the world), “Social Engineering.”
Social Engineering is the practice of using guile, deception and misdirection to cause a victim to take action to help facilitate or enable an exploit, and is thus the only hacking technique that predates information technology. It is also one of the biggest threats we face in the industry today. Indeed, the 2010 Cisco Annual Security Report covered social engineering and the role it played in Zeus, Koobface and the Cutwail botnet.
Here’s the video, the first in the SecureX Files series. We hope you enjoy it and share it with others, but don’t forget to come back soon, as we will be releasing additional videos over the next several weeks. Stay tuned!