By Francois Mouton, Associate Professor in Cyber Security at Noroff University College
The world as we know it will never be the same. The start of the year 2020 brought along discussions about the corona virus family of viruses and how they are impacting our daily lives. COVID-19 had a massive impact on society at the start of 2020. The virus was first identified in Wuhan, Hubei, China in December 2019. Subsequently, on the 11th of March 2020, the virus was classified as a pandemic by the World Health Organization.
Along with over 30 million infections across the world, it has also brought along an era of mass hysteria and confusion. It is well known that the mass hysteria is having a enormous impact in our society and governments are putting entire countries in lockdown. The entire concept of “home office” or “working from home” which were previously seen by employers as something which should never happen, has become the norm for most people. There has been a massive impact on how “business as usual” will evolve, as everyone has become accustomed to the new formula of being able to effectively work from home.
I have digressed from the original topic of social engineering and cyber security, and one, rightfully so, must ask why I brought up the whole pandemic situation. Social engineering is entrenched in the human psyche. One cannot discuss the concept of social engineering, and how to be vigilant against it, without addressing the current situation society is in. Social engineering evolves on a continual basis and attacks are becoming more targeted.
Social engineering is still on the rise, and we are currently seeing many of the big tech firms reporting that they have been compromised by social engineering attacks. Even one of the biggest tech giants, Twitter, managed to fall prey to a social engineering attack. Twitter has most recently succumbed to a spear phishing attack on the 15th of July 2020, where attackers were able to gain access to both the internal network and the internal support tools of the Twitter platform.
Attacks like this are also partially due to people now working from home and requiring access to internal systems from outside. Long gone are the days where you could keep your internal company documents on an internal FTP server only accessible from the company network. These days things are hosted in the ubiquitous “cloud” which allows everyone seamless access to information. The trend of moving everything online is part of the reason why social engineering is becoming more of a successful attack vector.
Moving towards a more online world, is not the only reason for the increase in attacks. More people are gaining access to technology and are being forced to make use of new technologies than before. Almost everyone has access to a device that is connected, almost permanently, to the Internet. With everyone needing to self-quarantine, the need for social interaction over the internet has become much more popular. The age at which children are moving online has also drastically been dropping.
Even as I am writing this blog I received a photo of a friend showing their “working from home” environment where she has to keep the children entertained whilst work needs to happen. In the photograph – which has been omitted for privacy reasons this been cyber security awareness month and all – the children (aged 5 – 10) are all busy playing mobile games on their tablets. This is a clear indication that almost everyone these days has access to technology, and to the Internet. The only requirement to be a target for a social engineer, is having access to the Internet. Now my question is, how are we going to protect children?
But then, I digress again, I do not have all the answers on how to protect society. The rest of the IT world has had it much easier; we could just update the firmware on the firewall, or update the software on our computer, or even deploy the latest anti-virus software. Regrettably, I have to inform you that patch 2.0 for humans is yet to be released. Even if we can release it, in the form of the perfect training, how do we ensure it is applied to everyone?
Social engineering is an ongoing problem and unfortunately this blog does not have all the answers on how we can address it. The best I can do is provide you with some guidelines on how you be more vigilant against cyber security threats. To this end, I have developed a set of guidelines which you can utilise as a minimum baseline to ensure your home office environment is more secure:
- Update the Operating System and Software you use daily
- Do not let your family use your office devices
- Secure your home network
- Update the software on all electronic devices in the household
- Question the authenticity of communication
Webinar on Social Engineering
Thankfully, society has managed to survive long enough to make it to cyber security awareness month in 2020. The cyber security awareness month is something really dear to me. As an academic I always try to engage and provide education to society about how individuals can protect themselves. This year will be no different, and I will yet again be hosting a webinar on the topic of social engineering and the psychology behind it. The webinar will expand on the provided guidelines on creating a more secure home office environment, as well as delving more deeply in the psychology behind social engineering and why people are so easily susceptible to social engineering.
Date & time: Thursday 8 October 2020 at 18:00 CEST
Participation: Free, but registration in advance is required
18:00: Welcome & Intro Cyber Security Month, Rosanna Norman, Communications Officer at GÉANT
18:05: How the new Work from Home concept has impacted the world, Francois Mouton, Associate Professor in Cyber Security at Noroff University College
- Your email address will only be used to confirm the registration and for all communications regarding this event.
- The webinar will be recorded (except the Q&A).
Watch the full webinar
About the author
Dr. Francois Mouton is an Associate Professor in Cyber Security at Noroff University College based in Oslo, Norway. His fields of expertise are social engineering, penetration testing and digital forensics. Francois graduated with a PhD Computer Science, in the field of social engineering, from the University of Pretoria in 2018. The focus of his PhD was on techniques on identifying and thwarting social engineering attacks by altering the human psyche. During his academic career he has also completed all the undergraduate modules provided at University of Pretoria for both psychology and accounting. He has (co)authored several international publications, mainly on topics of digital forensics readiness and social engineering. His research has had a significant impact within the field of social engineering and he currently has an h-index and an i10-index of 9.