Social Engineering Threats and Mitigation

Verified

Added on 2020/05/16

AI Summary

This assignment delves into the dangers of social engineering within a web hosting company environment. It examines prevalent attack types like phishing and physical baiting, outlining their potential consequences for data loss and confidentiality breaches. The analysis also explores contributing factors such as user awareness and monitoring gaps. Finally, the assignment proposes recommendations for strengthening security measures to combat these threats effectively.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SOCIAL ENGINEERING
SOCIAL ENGINEERING
Name of the Student:
Name of the University:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1SOCIAL ENGINEERING
Social Engineering
Social engineering is the technique of getting access to the sensitive and confidential
information from the system. Social engineering needs less technological knowledge to gain the
access of the system (Conteh and Schmick 2016). The effectiveness of social engineering
depends on the manipulation of human beings.
Working environment in the office:
The company is a web hosting company. There are 200 employees working in the
company. The company works with both Windows and Linux hosting servers. The company
provides free hosting to its clients, in the return the client has to allow the company to run their
advertisement on the web page. There are four server computers and approximately 200 laptops
for the official use. The database is managed by the SQL server.
Recently the company officials are afraid of the data loss as a result of social engineering.
Types of possible attacks that may happen:
Phishing:
Phishing is the most common form of attacks that comes under social engineering. About
77% of the systems are the victim of phishing (Krombholz et al. 2015). The phishing can be
done by masquerading a trusted contact and steal information through it. It can be done through
the email or sending the malicious link to the users.
The consequence of the attack on the company (analysis of the potential damage)
Some of the customers of the company has reported that some suspicious emails were
sent to them on behalf of the company stating that they have won some interesting prize in the

2SOCIAL ENGINEERING
contest. Fortunately seeing the suspicious nature of those emails, the users did not open those
emails and they directly contacted to the company.
Possible cause:
The company has a strong local consumer base. The company started with the small
number of consumers and now the number of consumers are increasing. Monitoring on the
traffics on the systems of every users has become difficult for the company (Heartfield and
Loukas 2016). Moreover the users are not very much aware of the concepts of social
engineering.
Recommendation:
Company is thinking to improve the security of the services provided by them after this
incident.
Physical baiting:
Physical baiting is a kind of social engineering, where hardware is used to gain access of
the confidential data. A USB drive or a pen drive can be used in this case (Ferreira and 2015).
Users are provoked to use the unclaimed USB or pen drive, which contains the malicious code.
The using of the pen drive containing malicious code will help the intruder to gain access of the
user’s system.
The consequence of the attack on the company (analysis of the potential damage)
The company has largely affected by the physical baiting. Recently the use of a pen drive
by one of the employees in the company has caused the loss of data and the leak of data which is
important for the company as well as confidential.

3SOCIAL ENGINEERING
Possible cause:
The source and the owner of the pen drive is unknown, however, authority is questioning
that employee who used that pen drive. Primary cause of this happening is the lack of
monitoring.
Recommendation
Internal investigations are made to know the reason of this happening. Company will take
necessary steps to prevent these types of incidents.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4SOCIAL ENGINEERING
References
Conteh, N.Y. and Schmick, P.J., 2016. Cybersecurity: risks, vulnerabilities and countermeasures
to prevent social engineering attacks. International Journal of Advanced Computer
Research, 6(23), p.31.
Ferreira, A. and Lenzini, G., 2015, July. An analysis of social engineering principles in effective
phishing. In Socio-Technical Aspects in Security and Trust (STAST), 2015 Workshop on(pp. 9-
16). IEEE.
Heartfield, R. and Loukas, G., 2016. A taxonomy of attacks and a survey of defence mechanisms
for semantic social engineering attacks. ACM Computing Surveys (CSUR), 48(3), p.37.
Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering
attacks. Journal of Information Security and applications, 22, pp.113-122.

1 out of 5

+13062052269

info@desklib.com

Social Engineering Threats and Mitigation

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Related Documents

Network Security and Types of Security Threats and Attacks in Information Technology

Networking: Malicious Attacks, Social Engineering, Information Security Risks, Network Auditing, and Risk Assessment Management

Social Engineering Threats and Awareness

Ransomware Attacks and Cybersecurity

Assignment on Computer security (pdf)

WannaCry and Petya Ransomware Attacks: A Comprehensive Analysis