Social Engineering and Security Awareness

In the case of social engineering, secunet explicitly uses non-technical methods to access classified information. There are various ways of achieving this:

• Analysis of disposed material (paper, data media, hardware)
• Installation of hardware keyloggers
• Distribution of prepared media (USB flash drives, promotional CDs)
• On-site appointments with fictitious invitations

Many employees are susceptible to well-prepared attacks, what makes social engineering measures so special. While technical security analyses are often generally unnoticed by staff, social engineering measures can be used to increase awareness, besides fulfilling its primary objective of discovering weaknesses. Due to the very social aspect of these analyses, secunet protects the identity of the employees who fell for attacks.