Share
InfoSecurity Europe reps, demonstrating Social Engineering techniques in advance of next weeks InfoSec Europe conference, stood in front of Liverpool Street Station (City of London) and asked for personal information including passwords. They offered candy in return for the information.
Researchers are offering candy in exchange for passwords and other information. (IMG:J.Anderson)
As kids, we are told about strangers offering candy. We were instructed to avoid them, never offer information to them, and never take the offered candy. As adults, rushing about from one office to the next, offering your password for a mid-day snack, is perfectly ok. Isn’t it?
There were five hundred seventy-six people questioned. With the promise of a vacation if they won a drawing, the interviewees offered up names, and telephone numbers. Then if they completed a survey, which asked them for other information including passwords, they received the candy.
This serves to prove one thing, the human element is still the largest risk factor involved in IT security. You can add all the layered protection you want on a network and encrypt everything, but in the end if Marry in Marketing tosses out her password for some candy, then the security is beaten.
It would not take long to deduce the network login, and with a little, as Johnny calls it, No Tech Hacking, it is possible to gain access to the network and company. None of the information collected by the research was used or saved. They have done this in the past, offering shirts or pens instead of candy. The research report shows that in 2007, sixty four percent of the people talked to were ready to hand over passwords.
This year that number dropped to twenty-one percent, so there is growth in the security awareness of office workers. However, what about the twenty-one percent of the companies who could be at risk?
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story