Social engineering will drive a new generation of threats, as cyber and physical security converge. Criminal hackers will use keystroke loggers and USB sticks alongside IT-based attacks to gain access and information. And bad actors will always be on the lookout for human weaknesses.
This was the message Jenny Radcliffe, The People Hacker, delivered to Infosecurity Europe 2022, as she was inducted into the Infosecurity Hall of Fame. With over 30 years as a social engineering practitioner, Radcliffe has been chased by dogs, hidden in bushes from security guards and has fallen off a roof more than once.
“How do you explain this job? For all my life I’ve been breaking in, talking my way into buildings and persuading and manipulating people to pass under their defenses, and get into places I wasn’t supposed to.” But the objective has always been to improve security.
Social engineering has been around as long as there have been cons and frauds, Radcliffe recalled. However, the growth of electronic communications has shed new light on the dangers. The infosecurity industry is one of the few that understands this, Radcliffe noted.
Research into targets has “been made easier over the years by the proliferation of social media,” she said. Previously, social engineers had to spend hours in pubs or cafes to glean information that can now be found in seconds online.
But this, Radcliffe said, makes the work of the social engineer all the more important. The industry has to work to strict ethical and legal standards, and does so to prevent organizations, and people, from becoming victims.
“Aside from the more quantifiable damage we were seeing, we saw how these crimes destroyed people in other ways,” she said. “It wasn’t just financial loss, it also destroyed people’s confidence, their joy in life and faith in other people.”
Defending against these attacks, in both the physical and cyber worlds, needs professionalism, discipline and a degree of humility.
“We are testing the art of the possible. It is a fine line, but better us than the criminals, better I show them, I fix it and test it than never try and leave them wide open,” she said.
Despite the growth of technology, humans will always be a focus for criminals. “We can’t defend without working closely together. I’ve had tech companies and directors dismiss social engineering as about phishing, or sneaking past with a wink and a smile. It’s never that easy.
“The best of you know, and always have known, that the answer to good security has always been with the people.”