Browse Definitions :
Definition

social engineering attack surface

Contributor(s): Matthew Haughn

The social engineering attack surface is the totality of an individual or a staff’s vulnerability to trickery.

Social engineering attacks usually take advantage of human psychology: the desire for something free, the susceptibility to distraction, or the desire to be liked or to be helpful. Social engineering is often used by hackers and other thieves.

 A few examples of social engineering attacks:

  • A faked call to IT posing as an employee to get a password.
  • Media drops, which are much like a physical Trojan horse: An enterprise employee might pick up an apparently lost flash drive in the parking lot, for example, that in use will execute automatic running code leading to a data breach.
  • Fake service people, such as janitors, repair people or electricians gaining access to server closets.

The main thing one can do to reduce the social engineering attack surface is to educate employees about known risks and about how social engineering hackers tend to operate. This information can help them reappraise innocuous-seeming interactions that could lead to data breaches, long tail intrusions and lost operational time.

 Many attack approaches us a combination of attack surfaces to gain access to resources. Social engineering is often used to gain physical access, for example, that enables an intruder to exploit software vulnerabilities.

See also: software attack surface, network attack surface, physical attack surface

This was last updated in January 2015

Continue Reading About social engineering attack surface

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

  • RAM (Random Access Memory)

    RAM (Random Access Memory) is the hardware in a computing device where the operating system (OS), application programs and data ...

  • business impact analysis (BIA)

    Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to ...

  • M.2 SSD

    An M.2 SSD is a solid-state drive that is used in internally mounted storage expansion cards of a small form factor.

Close