
Op-Ed: Social Engineering, the Weakest Security Link

By Pritesh N Munjal     Sep 12, 2008 in Technology
Social Engineering is emerging as a potential threat to big corporations and organisations. Experts believe that tackling social engineering requires a different cyber security strategy.
Cyber security has become a crucial issue. Organisations and companies are spending heavily to secure their computers and electronic infrastructure. However, the security practices of almost all of them have loopholes. One loophole that is both very common and highly effective at breaching the security chain of these companies is the technique of “Social Engineering”. Social engineering includes the acquisition of sensitive information or inappropriate access privileges by an outsider, based on the building of inappropriate trust relationships.
According to Mr. Praveen Dalal*, the Leading Techno-Legal Specialist of India, “Human beings are usually the weakest link in the security chain and social engineering is the easiest way to break into a system. Besides being easy, social engineering can be incredibly cheap. Social engineering is the hardest form of attack to defend against because a company can’t protect itself with hardware or software alone. A company must have good employee awareness activities and information dealing policies in place and the employees must strictly follow these policies. The employees must be willing to ask relevant questions while dealing with a request to provide sensitive information”.
Even if the employees are successful in evading the social engineering tactics, the method of “Google Hacking” is very effective. Google hacking refers to using Google’s search engine to locate high-value targets or to search for valuable information such as passwords, credit card numbers, medical records, or other confidential information. Many times, Google can pull information directly out of private databases or documents.
Creative Google searches can reveal medical, financial, proprietary and even classified information. In the US, despite governmental regulations and protection Acts such as HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley, this problem still persists. Confidential information still makes it out onto the Web, and Google hackers get it easily.
In India the IT Act, 2000 deals with selective cyber crimes and contraventions. The issue of social engineering has not been dealt with by the Act. Recently Perry4Law and its Techno-Legal Segments like PTLB, PTLITC, etc. have suggested bringing suitable amendments to the Act that have been accepted by the Government of India. “We have brought to the attention of the Government the lack of Cyber Forensics and Cyber Security capabilities in India, more particularly security issues of Wireless Networks. If the drafted recommendations of Perry4Law are accepted by the Government, we would have a safer and stronger cyber law in India,” says Mr. Praveen Dalal.
This seems to be a tricky situation. On the one hand India is emerging as an Information and Communication Technology (ICT) superpower whereas on the other hand it is facing a weak and ineffective cyber law. The Government of India must act urgently to fill the gaps in the fields of cyber law, cyber security and cyber forensics capability development.
*About Mr. Praveen Dalal
Mr. Praveen Dalal is the Managing Partner of Perry4Law and heads its PTLB, PTLITC, and other Techno-Legal Divisions, which provide Cyber Law, Cyber Security and Cyber Forensics assistance and services. Perry4Law is the First and Exclusive Techno-Legal and ICT Law Firm in India and has been in operation since 2002. It deals with legal issues associated with ICT and the use of ICT for legal purposes. PTLB and PTLITC are a few of the Techno-Legal ICT initiatives of Perry4Law and are in the process of upgradation and formalisation. Mr. Praveen Dalal’s specialisations include areas like Cyber Law, Cyber Security, Cyber Forensics, Digital Evidencing, Corporate ICT Compliances, etc.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of