Social Engineering – in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme. - Wikipedia
Social engineering is one very important vector for breaking through cyber security defenses. The vulnerability of the end user needs to be addressed through education, not fear. How do we stress the importance of cyber security and the role that all users play? Attitudes need to change. There are basically three separate attitudes with regard to cyber security awareness: carelessness, avoidance and cognizance.
A user with a careless attitude toward cyber security has a mindset of “it can’t happen to me” or “I’m too small of a target to mess with; hackers don’t see anything valuable with me.” To change this attitude, the user needs to believe that they are susceptible to security risks and that they can easily avoid or reduce those risks.
A user with an attitude of avoidance will not take the necessary actions to ensure secure behavior. They see cyber security as a road block and don’t believe they can make any kind of difference. Showing this user that simple behavioral changes can make a difference can help shift this attitude. Use real examples that show cause and effect to demonstrate this.
Ultimately, we want all users to have an attitude of cognizance. It means that they are aware of the potential dangers and consequences. They know that there are effective solutions for reducing security risks and know how their behavior can affect those risks.
An ongoing cyber security awareness program should be instituted in all organizations. The program should be an integral part of everyday processes. A successful program will feed small bites of targeted information frequently and continuously over time. This approach is critical in shifting the user’s attitude. Since the attack landscape is constantly changing, it is important for all users to understand the risks involved and why attitudes play an important role.