Social Engineering, what is it and what to do about it.
Today in Health IT, we're going to take a look at social engineering. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, a set of channels dedicated to keeping health IT staff current and engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders:
Gordian Dynamics, Quil Health, Tausight, Nuance, Canon Medical, and Current Health. Check them out at thisweekhealth.com/today. I know my cadence is a little off today, but we'll see what happens. A story from builtin.com. It's called "What Is Social Engineering? A Look Into the Sophisticated World of Psychological Cyber Crime."
I just got off the line with Drex and we talked about this. It will be on the Newsday show a week from Monday. But I liked the story and I thought I would share. So a social engineer, social engineering essentially is a confidence game. It's a con artist coming at you and utilizing various aspects of your personality.o do crazy things way back in:idential customer records. In:
Have been snookered. Wow. They actually use that in a sentence. Amazing. Including the Associated Press, Target, Sony Pictures, Yahoo, the Democratic National Convention, and even the U.S. Department of Justice. So it almost doesn't matter what size you are. You can get exploited. So what are they exploiting?
And I like this list. So they have: social engineers exploit kindness. Social engineering manipulates respect for authority. Social engineering takes advantage of human nature. Social engineering requires confidence. Social engineering capitalizes on online sharing. Let me give you a little piece of each one of these things. They go into some detail. I'm just going to give you a little.
Let's see, that's a story. Let's start with exploits kindness. So Sal Lifrieri, who spent 20 years as a New York City cop before founding his company, Protective Countermeasures, says our innate tendency to be of assistance to others is especially exploitable. That's certainly true in the below example of something called vishing, voice solicitation. The expert demonstrator easily dupes her mark
by pretending she is frazzled. A frazzled mother holding a crying baby while impersonating a man's wife, the woman is able to convince the phone service rep to give her information about the account. All right. And then they have a video here to show it to you. It's pretty interesting. Social engineering manipulates respect for authority. While some of these attacks employ demands whereby the target is strong-armed into capitulating, an authority tack
can be trickier to pull off. Trayv Harman, founder and CEO of Triton Technologies, says that has a lot to do with upbringing. If you were taught that people in authority, authoritative positions, were perceived ones, even perceived ones, are to be trusted, all of a sudden an email from an admin at Microsoft that says "we found a virus on your computer" seems credible.
It takes advantage of human nature. This is probably pretty obvious. I mean, human nature is you want to help somebody and they will take advantage of that. Requires confidence. Lots of social engineering plays out entirely online, where perpetrators can hide behind their screens and keyboards and where things like tone of voice, facial expressions and body language are immaterial. When a scam requires more personal elements, such as phone calls or in personerefore is , it surely wasn't:
Well, there you go. He'd been a regular customer for at least a year prior, ingratiating himself with the employees through charm and chocolates. Flomenbaum became so trusted and beloved, in fact, that he was granted a coveted vault key that allowed him access during off hours. There you go. And capitalizes on online sharing.
You know, we have lots of ways to do that. They give some social engineering examples. Baiting: baiting involves luring potential targets by offering them some sort of reward. Diversion theft: diversion theft occurs when targets are conned into rerouting a destination of goods or confidential information. Honeytrap: in a honeytrap scenario, attackers seduce their targets into giving up personal information or compromising sensitive work.
Quid pro quo: schemes entice targets with the promise of goods and services in exchange for information. Phishing: we all know what phishing is. Pretexting: when using pretexting, scammers will lie about who they are or create a fictional scenario to extract sensitive personal information. Rogue attacks trick targets into buying fake and malicious security software that deploys ransomware.
That's harsh. Spear phishing: we know what that is. Artificial intelligence deepfakes: deepfakes are AI-generated video or audio that can be used to mimic politicians and celebrities, or even the average person's colleagues, friends, or family. So far legally unregulated, deepfakes will soon be easier to make
than they already are, tougher to spot and widely disseminated. So at some point you might see a deepfake of me saying something silly. Just know it's not me. Or you can just send me an email and I'll tell you whether it was me or not. How can you protect yourself from social engineering? There's no single solution, but there are ways
to more consistently mitigate the effects of social engineering in many forms. Harman's tack is to remove the weak link, meaning humans. Wow. This company says it's true, but it's just a wow factor. His company, he says, uses physical fail-safes that include multi-factor authentication. That makes sense.
On a more elemental level, Harman's directive is this: change your mentality. Learn not to trust. Whether it's a critical email from a seemingly familiar source, a call from the IRS threatening punishment for nonpayment of back taxes, or audio or video of a public figure saying something that doesn't really jibe
with past statements. Various companies offer fee-based anti-social engineering training online. One of the most prominent, KnowBe4, goes beyond warnings and words to feature unlimited simulated social engineering attacks through email, phone and text. Interesting. We do that. We do that online, or we do that within our health systems, but now you can do
it personally. Anyway, social engineering is still a significant source of a majority of attacks. You know, usually I do a "so what" on these things, but this one is just more educational. It was interesting to talk to Drex about it. I think the "so what" is going to be that these attacks are sophisticated. They are
fairly sophisticated now. They're going to get more sophisticated as we move forward and we are going to have to keep upping our game. Keep learning, keep training our end users and our hospital systems to know these fakes. And then we're going to have to protect them and just expect a certain amount of them to fall prey to those attacks,
and be able to protect them when that does happen. So that's my "so what" on that. And that's all for today. If you know someone that might benefit from our channel, please forward them. They can subscribe on our website, thisweekhealth.com, or wherever you listen to podcasts: Apple, Google, Overcast, Spotify, Stitcher.