The Path of Least Resistance is Getting More Difficult

Oct 7

10/7/2011 5:24 AM

RocketReady has performed security assessments for a lot of companies and government agencies (both large and small). When we go into an organization to assess their employees’ vulnerability to social engineering, we always recommend that the organization consider assessing three major areas of exposure – the phone, email, and facilities. Our clients almost always tell us that they can’t address the physical security side because that’s handled by another group altogether. The CIO / VP of IT handles information security. The CSO / VP of Security handles facilities and physical security. What happens when the lines are blurred? What happens when the same guy who might place pretext phone calls and send phishing emails might also try to literally sneak in the back door? Hackers resort to social engineering because it’s easier than hacking. Whether the tactic is true technical hacking, pretext calls, phishing, spoofed websites, dumpster diving, or sneaking into facilities, the hacker is still looking for the same thing…access to information.

 

So, we’ve preached for years the need to get physical and logical security all on board when addressing social engineering.  Imagine my surprise when I read in the latest issue of Dark Reading that they are starting to do just that.  More and more folks in leadership positions in security are recognizing that the lines that used to be very clear are becoming more and more blurred and that “security is security.”  Our recommendation?  Logical and physical should partner to stop the social engineer. 

 

Read more here: http://www.darkreading.com/vulnerability-management/167901026/security/security-management/231602187/physical-logical-security-worlds-continue-slow-convergence.html

 
