The 21st-century market has been in a changeover phase, with businesses moving away from analog methods toward a digital office environment that is characterized by a computerized type of work culture. However, the transformation has brought numerous threats and risks regarding one of the vital factors facing businesses: the social engineering employed among hackers for hacking methods that depend on human weaknesses instead of technology. While writing my research, I realized that the motive of such attacks is mainly to acquire passwords and other vital data by deceiving unknowledgeable victims and then using that information to conduct unlawful activities. Security experts claim that such threats originate from an internal working environment or employees that have additional privileges when it comes to a firm’s information. Social engineering is mostly conducted by individuals who have the urge for power or control over others. While completing my research project, I felt the need to reflect on how the process has transformed my understanding of social engineering tactics.
Before I started working on my class project, I had the perception that hackers are individuals who use high-end technology to gain access to vital information that is not otherwise available. While this notion can be true in some cases, as I conducted my project, my understanding changed since I realized there are other ways to gain access to information with little technical knowledge. I now acknowledge that data is available without restrictions. Social engineering utilizes the advantage of this fact to extract additional intel through manipulation of perceptions of those disclosing the needed information. I came to grasp that even though social engineering does not need one to be a tech-savvy, to be a successful social engineer, one has to have particular traits. For instance, one has to be a perceptive person, being acutely aware of everything in his surroundings and using it as a tool. Another aspect of a social engineer is being able to interact with others. To conducting thorough research, one must know how to convince the respondents to disclose information that they would otherwise not reveal.
Before the research, I knew little about social engineering. I am more informed about the topic and its use in shaping public attitudes and behavior. Social engineering can be related to deception which Jackson (2018) defines as a fast and effective way to access a company’s data since it is easier to trick people than to hack their hardware or break their offices. I did not know that social engineering is the human side of cracking a business network. I thought of it as a more complicated means of data extraction. However, I came to learn that human interaction is an essential requirement and it is preferred since people are easily manipulated. I also ascertained that the main motive of social engineers is to gain information regarding usernames, passwords, PINS, and credit card numbers among other sensitive information. I can describe it as an attack on people since hackers are motivated toward extracting data for personal gain rather than to cause system failures. Upon completing my project, I learned that web spoofing is a distinguished problem involving e-mail scams and web sites to grab users’ private information. I also realized that the best way to be protected against social engineering is through education and supervision.
Following my research, I now look at the issue of social engineering from a different perspective. At first, I had this misconception that the only goal of spear-phishing (a social engineering tactic) is to deliver a load of malware to a particular employee of an organization. However, I came to realize that even though malware delivery remains a common tactic in spear phishing operations, today’s spear phishers continue to employ low-tech tactics to ask for user credentials through urbane replications of their web pages. In fact, they are using a technique called a data entry phishing that Belani (2012) remarks involves no malware. Consequently, it difficult for the victims to detect it. I also had the notion that social engineering is illegal. However, in the course of my research project, I learned that the practice exists everywhere in a completely legal, even though somewhat immoral way. For instance, marketing utilizes social engineering tactics to improve sales. I, thus, concluded that social engineering is both legal but unethical in some situations.
During my research, I found Russell A. Jackson’s article, Pulling Strings, to be a vital source that had the greatest effect on my understanding of social engineering. In his article, Jackson (2018) argues that emails with eye-catching content, irritating social media messages, bogus package deliveries, and phone calls are the four fundamental forms of social engineering that seem harmless and a waste of a company’s time, but pose substantial risk to even the most secure organizations. Based on thorough research conducted over time, the author concludes that the main method of accessing a company’s system is through spear phishing. I agree with Jackson since the technique is global in reach and free. It is from the article that I learned about different techniques of social engineering such as baiting, scareware, tailgating or piggybacking, vishing, water-holding among others. I would gladly recommend the article to anyone interested in learning about social engineering as it is rich in information about techniques that hackers use and recommendations that companies can employ to stay on the safer side.
The knowledge I have gained on social engineering while completing my research project will be vital in my future decisions either as an employee or a business owner. I now understand that social engineers manipulate human feelings to accomplish their schemes and draw victims to their traps. Therefore, I will always be wary whenever I feel alarmed by an email or attracted to an offer displayed on a website. Being alert will help me protect myself or my company from most attacks taking place in the digital realm. I will be cautious not to open emails and attachments from suspicious sources by employing multifactor authentication. I will also keep my antivirus/antimalware software always updated. Lastly, when I achieve my dream of owning a digital company, I will always take my employees through regular training about the upcoming trends in social engineering.
Conducting this research project has helped me comprehend the dynamics of social engineering techniques. I now fully understand that it is a method perpetrators use to exploit the casual and informal defiance of individuals, which could only intensify security issues and grow immensely if people fail to make security their priority. Social engineering has penetrated deep into our systems and it succeeds by acknowledging the tendency of humans to be fooled easily, thus making it difficult to eradicate. In my view, mass awareness of the cause can be vital in restricting the spread of the networking epidemic.
Belani, R. (2012, October 1). Breaking the myths of social engineering. Retrieved from https://cofense.com/breaking-the-myths-of-social-engineering/
Jackson, R. A. (2018). Pulling strings. Internal Auditor. 34-39.
PLACE THIS ORDER OR A SIMILAR ORDER WITH GRADE VALLEY TODAY AND GET AN AMAZING DISCOUNT