5-2 Project Three Milestone Social Engineering

School: Southern New Hampshire University
Course: 260
Subject: Electrical Engineering
Date: Feb 20, 2024

Uploaded by Mngene2002

CYB 260 5-2 Project Three Milestone: Social Engineering
Gene Schexnayder
11/22/23

I. Summarize the significance of social engineering as an area for a security practitioner to have knowledge of.

A security practitioner with social engineering knowledge can protect an organization from attackers trying to gain private data, including dates of birth, bank account information, and passwords. Security experts will be shown through training demonstrations how attackers could try to socially engineer employees of a company. A security professional can prevent a duped victim from divulging enough details to start an attack that could take down an entire company.

II. Select one social engineering method from each of the categories in the list below. For each of your chosen methods, provide a brief description of how that method could be applied to expose an organization.

Social Engineering Methods

o Physical
Baiting - A social engineering scam in which the con artist uses a fictitious promise to entice a victim or organization into a trap where they could be robbed of their financial and personal information or have malware installed on the organization's system. A malicious attachment with an alluring name could be the trap.

o Psychological
Reverse social engineering - A person-to-person attack in which the attacker approaches the target directly to coerce them into disclosing private information of an organization. Typically, the hacker uses social media and emails to get in touch with the target. They then use a variety of deception techniques, such as posing as knowledgeable security personnel or a benefactor, to persuade the target to grant access to their system or network within an organization.

o Technological
Phishing - The act of trying to obtain private data, including usernames, passwords, and credit card numbers, by phone, SMS, or bulk emailing under the guise of a reliable organization. When people receive phishing messages, they may feel scared, curious, or in a hurry. The message is designed to trick recipients into disclosing private information, opening malicious attachments, or clicking on links to untrustworthy websites in an organization's system.

III. Select one of the case studies from Chapter 8 in Social Engineering: The Art of Human Hacking (linked in the Reading and Resources section of Module Five). Describe an appropriate method of training employees to reduce the threat of one of the social engineering methods used in your selected case study. In your response, consider including the issues related to the following questions:

Top-Secret Case Study 2: Social Engineering a Hacker

o What are the key warning signs that would indicate to an employee that they are a victim of social engineering?
  - Arrival of an Unexpected Message
  - Sender Makes an Unusual Request for Action That Could Be Dangerous
  - Attacker Provides a Sense of Urgency and Attaches an Odd File or URL

o What are the best practices employees should be aware of concerning the social engineering method?

John had to pretend to be someone else on the fly, as this conversation demonstrates. This task is difficult and typically requires extensive planning; he had to assume the role that the "hacker" had assigned him in order to protect his client and identify the intruder. John was ultimately given his photo, email address, and contact details. After John alerted his client about the malevolent hacker, the issue was resolved to prevent the hacker from having such unrestricted access to the company's systems. This top-secret case demonstrates how social engineering applied skillfully can greatly increase client security.

A few other ways:
  - Dual-Factor Verification.
  - Keep an Eye on Critical Systems and Make Use of Cloud-based Next-Generation WAF
  - Identify the Email Sender
  - Determine which of your important assets draw criminals.
  - Inspect for Penetration Testing of SSL Certificates
  - Make sure your security patches are up to date.

o What are ways training can help with getting employees to adopt the security mindset necessary to reduce the vulnerability to the social engineering threat?

Incorporate social engineering information into messages sent to employees as part of an ongoing training strategy. Include it in the staff newsletter. Transform everyday emails into scenarios that happen in real life. Post advice on notice boards. It is best to start your anti-social-engineering campaign as soon as possible with new hires. Additionally, your educational campaigns ought to remind readers that social engineering occurs outside of your company's walls. Hackers can listen in on phone calls at the grocery store or steal information while riding the subway. Social engineering attacks are easily triggered by sharing excessive amounts of information on social media.