soomz.io


Social Engineering: exploiting the human factor

Social Engineering does not just hinge on technology. No matter how well-protected a company’s hardware and software are, human error can render even the most powerful alarm systems and antivirus software useless.


Unfortunately, one of humanity’s most commendable characteristics, the ability to trust, may also be its downfall. It’s a story as old as time: tricksters and criminals sneak their way into their victim’s confidence in order to gain access to the information they need. It stands to reason that Social Engineering (or “social manipulation”) is not a new idea, but rather a criminal strategy that has been permeating the cyber world ever since the 1980s.

Social Hacking

One of the first people to apply Social Engineering to IT security was Kevin Mitnick, an American hacker. Capitalizing on employees’ inadvertence and ignorance, he hacked into the computer systems of a number of large organizations – among them the US Ministry of Defense – and as a result was sentenced to time in prison. In his book "The Art of Deception", Mitnick stresses that Social Engineering methods are often the path of least resistance into a complex network, and therefore preferable to technically sophisticated cyber attacks.

Sitting ducks

In order to gain access to an IT system without any prior points of contact, a hacker looks for a technical gap he can use as a back door. There are two possible levels for such an attack: a company’s technical infrastructure and the humans who operate it. More often than not, the human factor ends up being the security gap that is easier and faster to exploit than potential flaws in a company’s software and hardware.



This is confirmed by a study entitled "Trick with Treat" carried out by a team of researchers from Germany and Luxembourg, who used a simple fact to their advantage: people’s sweet tooth and weakness for treats. Offering nothing more than a chocolate bar to their unsuspecting victims in return for their personal passwords, they were successful in a staggering half of attempts. Without thinking much of it, almost 50% of the people they approached sold their privacy in return for a little snack. This clearly shows that those skilled in Social Engineering methods don’t hack technical devices to get what they want, but rather manipulate our emotions.

Awareness vs oversight

What does all of this mean for companies trying to protect their infrastructures? After all, it is considered good form for employers to put a high degree of trust in their employees rather than monitoring their every step. The solution here is building awareness: the only way to ensure your employees do not end up as a security gap is to train them so they are conscious of the dangers and understand how they may be tricked. Hardly anyone would leave the office without turning off their computer or locking the door. By the same token, employees need to realize that even one incident of carelessness on their part when in cyberspace or using hardware may have dire consequences for the company.



While awareness may start at the workplace, we can’t just leave it at the door when we go home every night. If you are checking your professional email account on your phone or using a work laptop at home, you have to be aware that this also puts you at risk of an attack.

Identifying gaps and closing them

Regular workshops or live hacking demonstrations help employees understand the dangers of fake social media requests and phishing, the importance of password security and the risks that lurk in the physical world in the form of data storage devices left behind or phishing phone calls. This also increases the collective safety awareness and helps employees identify with the company. If the entire team is well-trained and can act as one to prevent an attack, they spoil the criminals’ party before it even starts. Another way of creating awareness is to use certain products that increase security: antivirus software, for instance, not only protects us from online dangers, it also makes us aware of them every time it reminds us to update the software. Hardware-based products, such as our webcam covers, RFID guards or privacy filters, serve the same purpose.


Where there is a will, there is a way – and always some residual risk. That’s why there is no way around regularly and thoroughly reviewing all (!) potential back doors for weaknesses and devising a comprehensive security concept that goes beyond antivirus software and gatekeeping.

We give you food for thought!

Not only do our products provide protection from hackers, skimmers and other data thieves, they also create awareness when it comes to using technology: If you choose to protect your webcam with a Webcam Cover, for instance, you tend to be much more conscious of its presence. That is also why our covers come highly recommended by various government experts and are being used in prevention work with youth:

"What’s great about this webcam cover is that it’s physical and visible. Your average user generally doesn’t understand all the software running in the background on their computer or smartphone, so they are not sure if they can trust it. A simple, physical protective device is just what the doctor ordered."



Rolf Nägeli, Head of the Commissariat for Prevention at the Zurich City Police Department