A thought that occurred to me in this chapter is why are the front line people always the easiest to infiltrate? I have seen this in many organizations. The cashier, receptionist, accounts payable, accounts receivable...these are generally low paid personnel in trusted with a valuable information. The more educated, less susceptible to the con are higher up the chain They generally do not posses the valuable detail information that the social engineer is after, that is what the front line is for. As in the con with Craig Cogburn, a receptionist was the first victim. Receptionists are extremely eager to please the boss and fall into the role of 'helpful, team player' quite naturally. The helpful nature is what makes for good receptionists, but also makes them gullible to the attack.
I completely agree that education and training are the only viable solutions. The big wigs do not have the time to deal with the detail information, nor should they have to. The front line employees should be educated on the various forms of attacks. They should be required to read this book. They should be tested occasionally. A set-up social engineer randomly 'attacks' the individual once a month. Kind of like a secret shopper, but a secret infiltrator if you will. This sounds like the making of a fun and profitable consulting firm. What do you think guys? We could test a firms security, train the employees on how to handle various situations, then evaluate the success through random screenings.
Subscribe to:
Post Comments (Atom)
3 comments:
That is true- take receptionists for example. Many may consider them low on the totem pole, but think about all the valuable information they have? Good sales people call them "gatekeepers" because if the receptionist likes you, you will get a meeting with the big boss. Executives need to acknowledge this, and compensate (as well as train) them adequately.
Additionally, I think the front line workers are the most suceptable because they have less buy in with regard to the firm. They are the ones making the least amount of money yet having the most contact with customers. I know its been hard fro me to always be positive when serving as a front line employee.
I think the "low-level" employees need to be payed more, and the high level CEO's need to take a pay cut. The salary of some of these CEO's is outrageous, while the people who the company relies on get paid nothing.
Post a Comment