What is Social Engineering?
21st September 2020
You lock the front door when you leave the house, don’t you? You brush your teeth, you wear a seatbelt, you keep the dog on a lead on busy roads. In fact, like most people, you probably enact half-a-dozen safety and security procedures every day, without even thinking about it. Yet when it comes to data security, many of us choose to adopt a less scientific approach – one that involves simultaneously burying our heads in the sand and crossing our fingers.
We shouldn’t. Cybercrime is big business, costing UK companies up to £30bn year, while phishing scams cost private individuals up to £190,000 every day, according to police figures. And it’s a threat that’s evolving all the time, because as quickly as new technologies emerge, cyber-criminals figure out new ways to exploit them.
Data and documents stored in the ‘cloud’, for instance, are a prime target for hackers and thieves, as are unsecured Internet of Things devices. Machine learning-based artificial intelligence (AI) systems, which store vast amounts of data, present another key new security battlefield. And while AI can help security systems identify threats more quickly and efficiently, it can also be used by criminals to find and exploit potential weaknesses. As AI-based systems increasingly become a part of daily life, your data will only become more vulnerable – unless secure systems are in place to protect it.
Another growth area is ‘cryptojacking’ – hijacking users’ PCs to mine cryptocurrencies. According to the National Crime Agency, this emergent threat affected up to 55 per cent of UK business in 2017.
The costs of poor data security can be devastating: remember the NHS data breach in July 2018, which saw 150,000 patients’ confidential data used (against their wishes) for research, or the attack on US Customs in May 2019, in which hackers stole the photos and licence plate numbers of over 100,000 travellers? Such attacks can result in threats to the safety and privacy of individuals, as well as harming both a company’s bottom line and its reputation. So with companies relying ever more heavily on cloud computing and artificial intelligence to store and process our data, it’s imperative that adequate security measures are in place.
However, data security isn’t just a corporate responsibility: it’s becoming personal. Flexible working, for instance, means our personal devices are increasingly used in the workplace. Employees may be using corporate devices for personal activities, or they may be using their own devices for work purposes (the so-called ‘BYOD’ model) – both situations present their own unique security problems. From data leaks and insurance implications to device theft and loss, we need to ensure we’re doing everything we can to safeguard access. Few people realise, for instance, that simply installing a password manager will make data on their devices up to 80 per cent safer.