According to my research, social engineering in a sense of information security is defines as the psychological deception of an individual into unveiling private or personal information or doing an action illicitly. The process of social engineering involves creating a trick on an individual to gather personal information in a secret manner. People that engage in social engineering usually have confidence that they can access the system, fraud and even gather personal information without the owner acknowledging their action. Hadnagy & Wilson (2010) This could also be defines as a non-technical access to the personal information due to the interaction of human beings and convincing the individual to differ with the normal security procedure. Many people that practice social engineering understand the ignorance and arrogance of people and take advantage before the individual starts to protect their confidential information.
The victims of social engineering usually reveal their personal and confidential information without being forced. Social engineering has evolved in the information technology sector. Critics evaluate social engineering in various perspectives. First, social engineering is used as a support for the psychological manipulation technique to acquire banking information of a person and using psychological manipulation to access IT system for personal benefits. Many cyber-attacks have adopted the use of social engineering to benefit from the action and due to the increased use of IT (The success of social technology involves the scammer access personal or confidential information as well as manipulating a person to provide confidential or personal information without suspecting the motives of the person. The IT sector faces security threats due to social engineering. Social engineering is a threat because it is non-technical and does not involve exploitation and compromising of the systems or certain software. Hadnagy & Wilson, 2010).
How Social Engineering is used
Reynolds (2016) opines that social engineering is the current form of corn or fraud that many individuals benefit without using force or interfering with the system. The process of social engineering involves the individual accessing the data stores by stealing the credentials of the users and gaining the confidence of the users. The scammers usually masquerade as the owners or insiders to the system. The scammer also takes advantage of the perceived personal weaknesses of the victims to access the confidential information. For instance, a scammer can call the victim with a feigned urgent problem that needs urgent network access. The social engineers usually appeal to greed, vanity or even authority using social media. In other cases, the changes in cybercrime may involve convincing the victim to open their email that contains attachments with malware. The other form of social engineering may involve scaring a person to run the malware or even install the malware.
The Impact of Social Engineering
The increases in the cases related to social engineering might lead to a higher financial cost to the individual and the firm. Many organizations face serious threats due to increased cost due to social engineering, and many insurance companies are facing such losses. The security breach has made many individuals to incur losses due to the maintenance of the system to avoid being a victim of social engineering. For instance, in 2015, cyber-attacks forced many U.S companies to incur losses due to security breaches. According to the report from the San Francisco Computer Security Institute (CSI), many companies faced security breach in their systems, and the rate had increased to 90% from 76% in 2013 (Reynolds, 2016). The study also quantified some of the losses and highlighted that some companies made losses of $4million due to the effects of social engineering.
Reynolds (2016) opines that social engineering can lead to loss of goodwill and reputation. When a company experiences several cases of social engineering, it may lose its base and reduced levels of business operations. In some cases, the scammer can access credit card information for customers in an online company. The customer may be unwilling to engage in any form of business with the company if they realize that their credit information has leaked out. The users usually associate and consider such sites as unsafe and insecure. More so, some of the users may initiate a lawsuit against the management of the company for compensation. Thus, many online companies lose customers due to the effects of social engineering. For instance, PayPal experienced social engineering as the scammers asked the customers to re-enter their credit card data (Hadnagy & Wilson, 2010). The customer lost money on her credit card, and this caused a huge problem for the company. The company had experienced some problems with the computer systems, and this led to chaos and distrust among some customer to stop using their services. Some of the customers felt that PayPal had conned the customer because the e-mail had almost similar typeface and PayPal logos and their security symbol. The hacker got away with the money, and the company was forced to compensate the user. Thus, such incidences can lead to huge losses of reputation leading to reduced business and thus closure of the company.
In conclusion, social engineering is a common problem that faces various organizations and individuals. The issue has several negative effects as many users make losses and taint their reputation. The application of social engineering is growing due to the increased use of internet in various aspects of life.
...(download the rest of the essay above)