With 98 percent of all cyber attacks using social engineering as their breach point, people – and their tendency to trust others – could be an organisation’s biggest weakness in the defence of its information security systems.
This is the view of a senior manager for the incident response team at Lextrado, Francois Mouton, who specialises in social engineering, penetration testing and digital forensics.
“We see companies hacked on a daily basis,” he says, “During a typical week, we have two to three incidents”.
Mouton was one of the speakers at the 2019 Legal Innovation and Tech Fest, which took place in Johannesburg in early June.
He is currently working to develop a human psyche model that the public can use to become cyber security aware and, moreover, to protect themselves against cyber security threats.
Social engineering - or “the clever manipulation of the natural human tendency to trust people,” as Mouton puts it - has become the go-to attack method in the 21st century and technology on its own is no longer a sufficient safeguard against information theft.
People tend to trust, Mouton explains, and this makes them vulnerable to being influenced - or manipulated - by attackers, to divulge sensitive information and allow attackers access to an organisation’s protected systems.
Social engineering can be carried out in bi-directional communications (over-the-phone conversations, for example); uni-directional communications (such as SMSes); or indirect communications.
Says Mouton, the latter presents one of the biggest risk areas for today’s organization.
He says a common way for attackers to gain entry into a firm, is by planting USB devices at or in the vicinity of a target organization. These USB devices are found and inserted into a PC or laptop and once they are, the attacker is in.
“So how can we protect the human?” asks Mouton, “Key is fostering an understanding that social engineering is complex because there are so many elements to it. And – of course – through training and changing the way people think, from a psychological point of view”.
This isn’t to say that the answer lies in getting people not to trust one another, though.
“The concept of trust is something that differs based on environmental conditions and socio-economic upbringing,” says Mouton, “Trust will, however, always remain a basic human instinct”.
And, he goes on, a 'functioning' society depends on this. Without trust, it would spiral into a state of chaos.
But according to Mouton, at least, a healthy degree of skepticism could go a long way to helping individuals protect themselves and their organisations.
The Legal Innovation and Tech Fest brought together industry leaders from around the globe and this year, Africa Legal was one of the partners which helped bring it to life.
“Africa Legal was proud to partner with The Eventful Group in bringing together a diverse and pan-African delegation together for two days of stimulating debate and networking,” says Thomas Pearson, the Chief Commercial Officer of the Africa Professional Services Group. “The need to bring African Legal audiences together to collaborate, share ideas and build networks has never been greater. The in-person nature of the event, paired with Africa Legals’s extensive digital reach, created a truly compelling opportunity and we look forward to working towards adding maximum value to the 2020 conference.”
To read more from the event click here