Social engineering intrusion: a case study

Abstract

Social engineering is a very old method to influence people in their daily actions. The same methods added with new techniques have been implemented to create effective penetration mechanisms against organizations. The goal in this study was to measure employees' security awareness and culture. This is a case study which uses several penetration methods to test an organization's vulnerability against social engineering techniques. The study started with cyber security research questions for all employees in the studied organization Reconnaissance and survey questions together provide use cases to the physical penetration testing phase. When comparing the results of the survey questions with the actual penetration test, a significant difference was found. Even employees understand how to behave in a penetration case; they act differently. This is a problem which can be resolved by increasing the awareness against security engineering attacks. The awareness can be increased by training, education and good security policy.