1/19/2009
This is how you get tricked into surrendering secret information
We humans don't always do as we are taught, and organizations are poorly prepared for IT security attacks aimed at human weaknesses. Since it is hard to change people's behaviour, security education is not enough.
This is shown by Marcus Nohlberg, guest lecturer at the University of Skövde, in a dissertation at the University of Stockholm, where he has examined the attacks that in an IT context are called social engineering.
- As early as a couple of years ago I predicted that this type of attack would be common, particularly credit card fraud, says Marcus Nohlberg.
Despite the serious results, as many frauds are successful, the technique has been studied fairly little among scientists. Marcus Nohlberg's research has led to increased knowledge about what methods the attackers use and what makes organizations and people vulnerable to them. It is a bit disheartening that Marcus Nohlberg's research shows how little information and education actually work:
- There is always a small group of people that doesn't do as they are taught. Furthermore, there is generally not enough security education; it takes continuous security work within an organization. The best way is practical exercises, and organizations will probably have to make more internal controls with fictive attacks in order to find the weaknesses within, says Marcus Nohlberg.