By Ahmad Austin
Vice President, BTL Technologies
Did you know that a cybercriminal does not need to hack into your network or break into your office to obtain your business’s information? The individual just needs to use psychology, turning the human tendency to trust people against them. This is social engineering: the art of manipulating people into performing actions or divulging confidential information.
‘Search engine poisoning’ is a common form of social engineering. This will likely involve a specially crafted website that contains malware. As soon as an incident of international interest occurs, the attackers use search engine optimization techniques to make this website appear high on search engine returns. So, if there’s an earthquake or plane crash – use caution when searching in Google, Bing or Yahoo; there may be false links to a bad website. Having said this, search engines are typically very good at recognizing this attack and removing the links.
One of the easiest and most common forms of social engineering is simply leaving a USB flash drive lying around and waiting for a person to pick it up and put it in their computer. Let’s play this scenario out, putting me in the role of the cybercriminal. Every Thursday, you meet with your field consultants at a local coffee shop at 6 p.m. Before your meeting, I place a flash drive labeled “reports” on the table that you meet at each week. Your field consultant picks up the flash drive and puts it in her laptop, launching a virus. The virus gives me access to her laptop, on which she happens to record information from her work, giving me access to clients’ credit card numbers that sell for $500 apiece on the black market. If you have doubts about this scenario being realistic, place five USB flash drives in your company’s receptionist area and see how long they remain there.
The key to minimizing the risk of being a victim of social engineering is to enhance your security awareness. The Tennessee Procurement Technical Assistance Center, a program of The University of Tennessee Center for Industrial Services, in conjunction with the Manufacturing Extension Partnership, the UT County Technical Advisory Service (CTAS), Mowery Insurance, Oak Ridge Chamber of Commerce, Tennessee Small Business Development Center at Roane State Community College, BTL Technologies, UT Law Enforcement Innovation Center, Nashville Business Incubation Center, and Cockrell, Webb, & Associates, is hosting a Cyber Security Awareness Training on Thursday, December 7th at the Oak Ridge Chamber of Commerce (1400 Oak Ridge Turnpike, Oak Ridge, TN 37830) from 11:30 AM to 2 PM. Lunch will be provided. This free training will teach government contractors and businesses:
- How to minimize the risk of a company’s inside threats
- About controlling unclassified information and determining what information to pass on to subcontractors
- To have a better understanding of cybersecurity oversight responsibilities in becoming compliant with NIST 800-171 and DFARS 252.207.7012 – required by December 31, 2017
For more information, please contact Veronica Clark at firstname.lastname@example.org or 615-253-6381.
About BTL Technologies:
BTL Technologies is a world-class, visionary company which specializes in providing medical, information technology (IT), and management services. BTL believes in partnering with clients to exploit technology and expand horizons of service excellence in order to advance its clients’ missions. BTL is an 8(a), SDB, service-disabled veteran-owned small business specializing in providing its services to federal as well as commercial clients. BTL is dedicated to ensuring that all contracts are completed smoothly and successfully through superior management and attention to detail.