It tends to think that the most dangerous situations and that make organizations more vulnerable, are cyberattacks of viruses, malware, phising etc. That’s why they look for tools to deploy and protect your information such as firewall, antivirus etc. And sometimes we forget or even don’t know that social engineering is the great enemy. And sometimes the great stranger.

But what is social engineering?

It is a widely used technique among cybercriminals, which aims to persuade and manipulate the people of an organization, so that they provide confidential information to you or take a certain action. A way to deceive the workers of the organization and not the system itself.

One of the most significant reasons that explains why social engineering is the great enemy,lies in the human being, since it is the weakest piece of this chain. Which makes the employee the most likely to be attacked and puts the organization at risk.

Among the main objectives of this practice are:

  • Obtaining information
  • Access to a system
  • Stealing an asset

And if we also take into account that there is no system that does not depend on a human being, this makes social engineering universal and independent of the security solutions implemented.

Thanks to the trust that usually provides users with the means by which they receive such requests or the person making them, they make the victim make the requests without thinking about it.

We all believe that we would be able to respond and recognize practices of this kind, the big problem is that the methods used by cybercriminals are very elaborate and credible. Messages from blocked bank accounts that require verifications are among the most common.

What broadcast channels do you usually use?

  • Email
  • Phone calls
  • Messaging apps
  • Social media
  • Dumpster Diving or Trashing: search for phone books, storage devices, work schedules etc.

Now we can see clearer than the cybersecurity not only depends on a set of tools and solutions that are implemented in organizations’ information systems, but is part of a process of training and business culture where everyone has to have knowledge and know that at any time we can be vulnerable.