Old scams pose the 'greatest security risk'
Villains are more likely to get into computer systems by manipulating people, not machines, analysis firm Gartner says.
In an announcement Sunday, the research company defined social engineering as "the manipulation of people, rather than machines, to successfully breach the security systems of an enterprise or a consumer." This involves criminals persuading a user to click on a link or open an attachment that they probably know they shouldn't.
Rich Mogull, research director for information security and risk at Gartner, said in the announcement that social engineering is more of a problem than hacking.
"People, by nature, are unpredictable and susceptible to manipulation and persuasion. Studies show that humans have certain behavioral tendencies that can be exploited with careful manipulation," he said. "Many of the most damaging security penetrations are, and will continue to be, due to social engineering, not electronic hacking or cracking."
Mogull said that identity theft is a major concern because more criminals are "reinventing old scams" using new technology.
"Criminals are using social engineering to take the identity of someone either for profit, or to gather further information on an enterprise," he said. "This is not only a violation of the business, but of someone's personal privacy."
Rob Forsyth, managing director at Sophos in Australia and New Zealand, described a recent "malicious and cynical"
Forsyth said the replicated Web site was recreated so thoroughly that it took experts some time to confirm that it was actually a fraud.
"It was not necessarily groundbreaking, but quite a clever combination of technology," Forsyth said. "They are targeting those people in the community that are most in need--those seeking work. It is exactly those people that might be vulnerable to this kind of overture."
Gartner's Mogull said: "We believe social engineering is the single greatest security risk in the decade ahead."
Munir Kotadia of ZDNet Australia reported from Sydney.