When High Tech Security Fails
State of the art security system defeated by – Chocolate?
You may have the newest Cisco router, intrusion detection systems and security software available, but what if the hacker simply sneaks into your office and walks away with your whole server? On more than one occasion, a hacker, unable to penetrate a server from the outside, broke into the company and walked out the door with the server in hand.
People tend to forget the human factor in hacking. One of the largest diamond heists in history was not due to the firewall being penetrated and web server cracked. The suspect simply walked in the front door and over time won the employees over with… Chocolate. Once he earned their trust, they gave him a key to a special area that he then used to steal about $28 Million in diamonds. Attacks like these are called “Social Engineering”. A social engineering attack is when hackers manipulate people to get information or access that they want. The quickest way into a high security locked area? Tailgate in with a group.
Many times a CEO will not give out his password to anyone, but his secretary might, if asked by a hacker posing as a tech support representative. Personnel need to be on the lookout for these types of attacks and question people who they don’t recognize. I have provided onsite computer support in small to large companies for over 15 years and have only been asked for credentials 3 times.
One last point, don’t just focus on computer security when defending your system. Make sure that your building is physically secure. Not just the first floor either, many times thieves have gained access to a building from an unsecured second floor.
Daniel W. Dieterle