Browse Definitions :
Definition

social engineering attack surface

TechTarget Contributor
By

The social engineering attack surface is the totality of an individual or a staff’s vulnerability to trickery.

Social engineering attacks usually take advantage of human psychology: the desire for something free, the susceptibility to distraction, or the desire to be liked or to be helpful. Social engineering is often used by hackers and other thieves.

 A few examples of social engineering attacks:

  • A faked call to IT posing as an employee to get a password.
  • Media drops, which are much like a physical Trojan horse: An enterprise employee might pick up an apparently lost flash drive in the parking lot, for example, that in use will execute automatic running code leading to a data breach.
  • Fake service people, such as janitors, repair people or electricians gaining access to server closets.

The main thing one can do to reduce the social engineering attack surface is to educate employees about known risks and about how social engineering hackers tend to operate. This information can help them reappraise innocuous-seeming interactions that could lead to data breaches, long tail intrusions and lost operational time.

 Many attack approaches us a combination of attack surfaces to gain access to resources. Social engineering is often used to gain physical access, for example, that enables an intruder to exploit software vulnerabilities.

See also: software attack surface, network attack surface, physical attack surface

This was last updated in January 2015

Continue Reading About social engineering attack surface

SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
  • biometric verification

    Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing ...

  • password

    A password is a string of characters used to verify the identity of a user during the authentication process.

  • biometrics

    Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

SearchStorage
  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

  • VRAM (video RAM)

    VRAM (video RAM) refers to any type of random access memory (RAM) specifically used to store image data for a computer display.

  • virtual memory

    Virtual memory is a memory management technique where secondary memory can be used as if it were a part of the main memory.

Close