ABSTRACT

Probably the single biggest mistake people make when thinking about protection against social engineering is to think only in terms of staff awareness. To illustrate the value of systemic improvements, the author takes some example social engineering attacks, analyses the way that people are targeted, and develops systemic protection around the information that needs to be protected. The telephone attack is quite straightforward: it targets an individual either at home or through their mobile telephone, with the intention of obtaining the credentials needed to access their telephone banking service. The email phishing attack is aimed at gathering personal information held on the HR system in a database; the attacker uses that access to collect enough personal information to enable identity theft. By mapping the attacks onto the proposed model, a clear link is established between specific attack vectors and the associated systemic protection countermeasures. Biometric systems themselves often have a range of vulnerabilities that allow direct attack.