The Social Engineer

Human Beings: The most easily exploitable aspect of security

No Detail Too Small – Intro

OSINT, Social Engineering

What social engineer doesn’t love some good old-fashioned reconnaissance? For a social engineer, this initial stage of information gathering will make or break most engagements. If you are an Information Security Officer tasked with keeping your organization safe and secure, it is important to understand what malicious hackers are doing to gain entry into your organization, and how they perform in-depth reconnaissance to gather all the information they need for a successful attack on your organization’s most vulnerable entry point, the human.

Nowadays, hackers are performing more and more social engineering attacks to gain access to an organization. Why would a hacker spend hours on end trying to break in through firewalls when they can just sit behind their computer and send out phishing emails, knowing that at least one individual falling victim is almost a guarantee?

It’s a game of cat and mouse. Organizations spend millions of dollars on new services and products, hardware and software, trying to better secure their data, and then hackers are tasked with figuring out new ways around them. More often than not, the services and products, hardware and software implemented DO prevent hackers from gaining entry. Your money is well spent. But as a hacker, why would I spend countless hours trying to figure out ways around those products when I could just place a call and ask for entry, or send an email and gain entry? We must realize that millions of dollars spent on products will not change the fact that humans are emotional beings, and a well-crafted social engineering attack can and will work.

So what information can a social engineer use to aid in a successful attack? In all honesty, everything is fair game, and no detail is too small. But there are ways to reduce your risk, and there are certain areas to be more aware of, in which we can train our employees to make our organization more secure.

In this 3-part series, we will take a deep dive into what information malicious attackers use to aid in a successful social engineering attack. We will look at how and where they gain this information, why it is so powerful, and ways to better protect your organization and the human aspect of your security posture. Stay tuned!

 

Article Written By: Chad Gutschenritter
