How Social Engineering Experiments Pay Off
19 February 2009, from Dror Todress
This article shows just how easy it is for a hacker to introduce malware into a company’s network using a little social engineering. In this case, the infected USB thumb drives were introduced by a security consultant conducting an experiment in an organisation.
But it shows just how vulnerable companies are to a simple but powerful driver: human curiosity. This is mirrored in the USB security survey done by SanDisk in April 2008: 12% of corporate end users reported finding a USB pen drive in a public place, and 55% said they would try to view the data on it.
So it’s no surprise that networks can be hacked, and infections spread, by these means. Once again, it’s a powerful reason to deploy port control, to issue users with company encrypted USB thumb drives, and to enforce the policy that only company-issued drives are used on the network.



