SECM®

Social engineering is the exploitation of human relationships to gain valuable information by deceiving people, a process that requires an acquired social skill and persuasion. A successful social engineer can extract confidential information from an unwitting and unprepared employee without them acknowledging they have been deceived. They exploit social and psychological behaviour patterns – turning human nature against us. People generally aim to encourage positive experiences in our social interactions and our endeavour to please and be helpful makes us vulnerable to manipulation.

Social engineering is perceived as a ‘low-tech’ form of industrial espionage, but new technologies can be used to improve its effectiveness. Attackers can collate data from employees’ social networking pages. Singularly they may not expose any vital information, but collectively they can provide enough background material on a company for a successful attack.

WhiteRock counters social engineering. We consult clients in all areas of social engineering from recruiting staff to ongoing training and development. We help and encourage staff to understand when they or their company may be under threat and how to deal with such situations. We run awareness sessions that include scenarios that give substantial benefits and contribute to the organisation’s overall TSCM cover.