How Hackers Can be Stopped

“Pulling Strings” in Internal Auditor Magazine The article by Russell Jackson (2018) entitled “Pulling Strings: High-level hackers are using social engineering tactics to manipulate employees into giving up vital information,” the subject of hackers using deceptive practices to trick employees into giving up company data is discussed. Jackson (2018) describes how hackers have now realized that it is easier to use deception and fool workers into granting access to organizational data than to actually try to hack their way into an organization’s system and steel information.

As Jackson (2018) points out, “well-intentioned employees will offer account numbers, volunteer passwords, and even open locked security doors if the request seems reasonable or the threat seems real?—?or if the stranger seeking physical access is a decent actor with an adequate disguise.” Workers fall for four basic social engineering ruses—(a) content in a strange email that looks inviting, (b) provocative social media messages that they just have to respond to, (c) fake package deliveries, and (d) exciting offers made over the telephone.

Jackson (2018) states that auditors have to know what the trends in social engineering are so that they can help prepare organizations to face ever-changing threats to their security. The most common tactic that hackers use is spear phishing. The victim gives up all security by clicking on suspicious links in an email or text messaging and clicking a button on a website they’ve been directed to.

The main method used by the hacker is persuasion: the hacker convinces the employee that it is in the best interest of the organization to follow the directions. Oftentimes, employees are undone simply by curiosity: they do not exercise the critical thinking skills needed to assess the threat level of a strange email, text or phone call. Employees have to be advised by organizations to be on the lookout for such communications and the organization has to develop a protocol to follow for every communication received.

Social engineering training can help organizations and their employees to be better prepared to handle any of the above described tactics. The goal is for employees to be mindful of the different ways that hackers could be out to dupe them. Getting into the practice of always asking for ID even if it might seem rude is the best approach.

To get over the fear of possibly offending someone, social engineering training is designed to educate workers on why it is so crucial that they be cautious—better safe than sorry truly is the case. What I learned from this article is that it really is important that workers take an internal audit of their own feelings about social engineering and rethink the way they’ve been programmed to respond.

Innocent emails, texts or phone calls—or even someone asking, “Hey, wait, could you hold the door for me?” are all tactics that hackers can use to gain admittance to an organization and its internal infrastructure, information or framework. I also learned that it is important for organizations and auditors to be fair. Rather than try to punish workers for making a very human mistake, the right approach is education. This is described by Jackson as.