What are some initial steps companies can take
to mitigate potential social engineering attacks?
The first thing a company can do is develop and
communicate clear policies for employees to know
what to do when (not if) they encounter an attack.
How to identify it, handle it, report it and so forth.
The next recommendation is for companies to test
their employees with realistic simulations. And
finally, be sure to follow up on the results of this
testing with solid education for employees. Good
training in the area of social engineering threat mitigation should not involve computer-based passive
information. It should be interpersonal discussions
and demonstrations of how attacks look and feel
in the real world.
How are social engineering techniques being
used for purposes of good?
When I realized that being a professional social
engineer can actually be utilized to accomplish
good things, I formed a nonprofit group called The
Innocent Lives Foundation. Its mission is to tap
the skills of the professional white hat social engineering community to unmask those who prey on
children anonymously online. You can see more
about this project and our mission at
by the Galleria
& Expo (RTIME)
New Orleans, La.