StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Social Engineering Attacks and Counterintelligence - Essay Example

Cite this document
Summary
The paper "Social Engineering Attacks and Counterintelligence" states that a malicious social engineer is like any other criminal, who has a motive and a goal. Data can be erased or manipulated at a much faster rate than at which it is created and maintained. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.3% of users find it useful
Social Engineering Attacks and Counterintelligence
Read Text Preview

Extract of sample "Social Engineering Attacks and Counterintelligence"

? Social Engineering Attacks and Counterintelligence Social Engineering Attacks and Counterintelligence Introduction With the growth in technology, the world of crime has kept pace too. Criminals today are tech savvy persons who update themselves with all the latest developments in the field of science in general and the cyber world in particular. With the cyber age, even the speed of crime has grown by leaps and bounds. It then becomes imperative for the law enforcers also to keep abreast of these changes in their area of operation. Social Engineering This term is used both in sociology and security. This essay looks at the concept from the security viewpoint. “Social Engineering is defined as the process of deceiving people into giving away access or confidential information” (Social Engineering Defined). Hackers, identity thieves, information brokers, disgruntled employees etc. are examples of social engineers. Dr. Max Kilger, co-author of the Honeynet Project identifies the motivators for non-ethical computer activity which can also be applied to social engineering; these are money, entertainment, ego, cause, entrance into a social group and status within that social group (Typical Goals of a Social Engineer). Counter Intelligence To a layman, counterintelligence would mean the opposite of intelligence seen from the security angle. “Counterintelligence (CI) can be defined as information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons, or their agents, or international terrorist organizations or activities” (Office Of Counterintelligence, 2011). Implications to National Security New age threats of different kinds according to Car and Musladin (2013) pose a challenge to national security. These are explained below. A few such challenges like terrorism, organized crime, and activism with a negative face are considered here. Terrorism is one of the dreaded scourges that affect national security. As Car and Musladin explain, terrorists actively use the internet to network and carry out physical attacks on nations, who even own up to terror acts on the internet. Organized Crime cannot be far behind. The use of the internet ensures that people at the higher echelons of a terror network go unapprehended and remain free to plan further terror strikes. All sorts of fraud take place by cheating unsuspecting victims. The defrauding of banks and other financial institutions can lead to the destabilization of the economy. According to Car and Musladin, activism with a negative face also finds voice on the internet. This can shape and build public opinion. Unfortunately, it can provoke the masses as they can be manipulated by touching raw nerves. On the other end of the spectrum, the internet is also the stage of revolutions and protests. The Arab Spring is an instance of a revolution that took the help of digital media. When mainstream media is muffled or does not offer any succor, it is such media which become the voice of the public and leads to revolutions. Importance of Sound Information Workforce It is of utmost importance that a sound information workforce is maintained. The workforce should be aware of and alert about their work environment at all times. They should be sensitized to the value of the data being handled by them. Only an aware workforce can secure its data. Social engineering also poses a grave threat to security. The key to preventing this would be a transparent communication system at all times. Impersonation and identity thefts can be reduced to a large extent with a structured communication system. At times, the workforce can sense patterns and peculiarities in routine activities. Hence, corrective action can be taken before further damage occurs. Finally, it is always best to strike at the roots. Any fool proof system to be designed for security is best possible only through the wholehearted co-operation and participation of the workforce. Challenges to Organizations It is not easy for organizations to put in place a sound information workforce for various reasons. Lack of adequate training, lack of threat perception, disgruntled employees and keeping pace with technologies are some of these. The workforce needs to be trained about the dangers lurking at every stage in terms of data security. For any deterrent, it is required that the workforce can identify the possible threats like rivals or competitors to the organization. Added to this, an employee with grievances could compromise the security of the organization either to give vent to his/her frustration or as a retaliatory step. Such an employee could vitiate the internal environment of the organization and disrupt the normal functioning as well. Finally, the workforce should know the latest technologies available in the market in terms of prevention. Such technologies are also required in terms of endangering security in case of counterintelligence and also to recover from a breach in data security. This involves a steeper learning curve, and therefore, higher costs. Influencing Organizations The Iraqi War logs, released by WikiLeaks, have been unprecedented in history. Coupled with the Afghan War Dairy, it makes organizations sit up and take notice of the scale to which security is jeopardized. Organizations would focus on the following in the backdrop of the WikiLeaks revelations. Organizations would check the importance of data that could be compromised. Consequently, the data could be placed on graded security depending on its significance. Hence, prioritization of data begins for the purpose of security. Human Resource Management would get a boost in that employee issues would be sorted out at the earliest to prevent the case of disgruntled and dissatisfied workforce. Counter Intelligence would be put in place as a policy measure. The actions of the employees could be put on surveillance. Employees of rival companies could be cultivated to gather competitor information. Firms could also become more tech savvy to remain one step ahead of criminals. Sadly, there would be no alternative other than espionage to survive in business. Business would only become more vicious. The internal environment could become more formal and stifling than before. The natural result would be the increased cost to security and cutthroat competition. Methods to thwart intelligence leak in the future The Wikileaks revelations make it imperative that intelligence leaks should be prevented in future. It is better to have safety measures in place than to face the unimaginable consequences at a later date. A culture that is aware of security is needed to thwart social engineering attacks (Security and Social Engineering, 2011). One should always protect data against viruses. Viruses are the best source of spyware and malware. These may damage data and/or software on the network. They could also siphon off the data or track the browsing preferences of users. The anti-virus used should be periodically updated. All types of emails should first be checked for viruses before downloading. When any program requests for removing the existing firewalls, it should be closely examined. One should decide what data is sensitive, not all of which is critical. Such information can be placed on relatively lower security. Other data should be provided restricted access. Restricting entry to such information by itself could keep it from falling into wrong hands. Highly critical data could be processed outside of the organization’s computer networks. It could then be placed offline for good measure. The antecedents of all those handling data should be checked. Employees who have given a notice period before resigning from the organization or those who are on the dismissal list or those who are on probation should not be entrusted anything sensitive in the respective period in question. Conclusion A malicious social engineer is like any other criminal, who has a motive and a goal. Data can be erased or manipulated at a much faster rate than at which it is created and maintained. Computer security personnel should examine why a social engineer would want to enter the system and what ulterior motive he/she has. On this basis, training can be imparted and preventative measures can be implemented (Typical Goals of a Social Engineer). References Car, V & Musladin, M. (June 17, 2013). International Communication Association Pre-conference. Strategies for Media Reform: An International Workshop, Goldsmiths, University of London, London. Retrieved from http://strategiesformediareform.com/wp-content/uploads/2013/06/ICA-Pre_conf-London-2013_V.Car-and-M.Musladin_final_Strategies-for-Media-Reforms.pdf Office Of Counterintelligence (Dxc). (2 May 2011). Terms & Definitions Of Interest For Dod Counterintelligence Professionals. Defense Ci & Humint Center, Defense Intelligence Agency. Retrieved from https://www.fas.org/irp/eprint/ci-glossary.pdf Social Engineering Defined. Retrieved from http://www.social-engineer.org/framework/Social_Engineering_Defined Security and Social Engineering. (Updated 26th September, 2011). US Dept. of Commerce, Office of Security, Retrieved from http://webcache.googleusercontent.com/search?q=cache:EHtR1AdI5KgJ:www.wrc.noaa.gov/wrso/briefings/SECURITY%2520AND%2520SOCIAL%2520ENGINEERING.ppt+&cd=1&hl=en&ct=clnk&gl=in Typical Goals of a Social Engineer. Retrieved from http://www.social-engineer.org/framework/Typical_Goals_of_a_Social_Engineer Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Social Engineering Attacks and Counterintelligence Essay”, n.d.)
Social Engineering Attacks and Counterintelligence Essay. Retrieved from https://studentshare.org/information-technology/1487555-social-engineering-attacks-and-counterintelligence
(Social Engineering Attacks and Counterintelligence Essay)
Social Engineering Attacks and Counterintelligence Essay. https://studentshare.org/information-technology/1487555-social-engineering-attacks-and-counterintelligence.
“Social Engineering Attacks and Counterintelligence Essay”, n.d. https://studentshare.org/information-technology/1487555-social-engineering-attacks-and-counterintelligence.
  • Cited: 0 times

CHECK THESE SAMPLES OF Social Engineering Attacks and Counterintelligence

Chinese Versus American National Cyber Security

This paper ''Chinese Versus American National Cyber Security'' tells that Cybercrime is a reality that has hit the information networks in a world driven by computer and internet technology.... With the rapid development of technology in the world, countries are experiencing more economic losses from cyber-attack....
11 Pages (2750 words) Research Proposal

Attack Plan on Goodwill Industries International

social engineering and Physical Security social engineering could certainly give an attacker an avenue whereby contact with individual donors at Goodwill Industries International, enticing them to give more money to causes that are actually fictitious and non-existent.... In the end, social engineering ... Computer networks are vulnerable attack and it is wise to consider those weak points in order to prevent attacks that can have disastrous consequences....
4 Pages (1000 words) Essay

National Counterintelligence

In the paper “National counterintelligence” the author focuses on a key priority of the National counterintelligence Strategy Report, which is to prevent spies from corrupting U.... hellip; The author states that the potential consequences of counterintelligence failures will be immediate and devastating.... counterintelligence agencies should review their operations to identify efforts by terrorists to penetrate or manipulate the United States....
1 Pages (250 words) Essay

Social Engineering

Included in the research portion is an extensive review of a case study that was performed on a number of different companies that exploited these companies… Then there will be an analysis of the research, and then a discussion of what I believe about the need to balance legitimate defenses against social engineering with the need to not go overboard and make people feel like common criminals or unwelcome.... Lastly, I will The term “social engineering” was coined by Kevin Mitnick, a hacker who spent many years in federal prison for nefarious activities, then became a highly sought-after computer expert, writing books and other journals....
12 Pages (3000 words) Essay

Social Engineering: Examining the Latest Scams

This paper will also assess main attacking areas along with possible counter techniques to secure the social engineering attacks.... In scenario of computer security, social engineering is a paradigm that illustrates a non-technical type of interruption that depends significantly on human interaction as well as frequently engages scamming other people to break standard security measures.... A social engineer… For instance, a person making use of social engineering to burglarize a business or else personal computer network would attempt to attain the confidence of someone who is allowed to have the legal right to use the network so as to They may be known as the authorized worker by having a number of types of urgent problem; social engineers frequently depend on the usual concern of people and on their faults....
17 Pages (4250 words) Essay

Reverse Social Engineering Attacks in Online Social Networks

The writer of the essay "Reverse social engineering attacks in Online Social Networks" suggests that in order to minimize the effects of RSE, the networking sites should only suggest possible friends when there is a strong connection that exists between them.... hellip; A social networking structure comprises of nodes that are represented by individuals and is also one of the most widely growing phenomena to date.... social networking sites such as LinkedIn, Facebook and Twitter, which are, being utilized primarily for communication, oriented either upon business related ventures, friendship....
4 Pages (1000 words) Essay

Injection attacks

Injection attacks refer to the introduction of malicious codes or scripts into a program or web application from an external source (Patel, Mohammed & Soni, 2011).... An example includes an input field provided by web application to gather input from an end-user. Kolhe and… (2014) define SQL injection as a code injection attack involving the insertion of malicious SQL statements into an entry field for subsequent execution so as to attack the database and perform varied forms of database operations, interactions and functions without the This SQL injection would fool the database to be a regular user query and then easily access the system....
3 Pages (750 words) Research Paper

Principles of Information Warfare

The nature and the characteristics of information make it susceptible to attacks and subsequent manipulation (Hutchison &Warren, 2001, p.... The nature and the characteristics of information make it susceptible to attacks and subsequent manipulation (Hutchison &Warren, 2001, p.... For this reason, the two authors designed a conceptual framework, which illustrates how data, information, and knowledge are interlinked in context and consequently to demonstrate how to protect each level from attacks....
8 Pages (2000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us