WSJ: What are the signs [of social engineering] you have people look for?
MR. HADNAGY: That's a harder one. We try to teach critical-thinking skills. Do the questions seem to match the call? Why would HR need to know what operating system you're on? Why wouldn't the IT guy know what antivirus you have?
There also is a very simple fix but really hard to institute. On the intranet you make up a color, say, cyan or yellow. That's the color of the day. Only the people internal to the company should know that. I call you and I'm the tech guy. You ask me what the color is.
It might be tempting to regard improved security as easy, if only more people would think critically. That might be true, but the specialist admits to having been tripped up recently himself. I have trained myself to view requests for certain kinds of information very skeptically, but this interview shows how easy it can be for someone to fake credibility in any moment we might be off-guard. As Hadnagy states elsewhere, continual improvement of knowledge is an invaluable complement to critical thinking.
-- CAV