Social Engineering


In the game of hacking, the weakest link and easiest target is virtually always people. There is a tendency to rely too heavily on automated tools to monitor and/or enforce security policies. While highly valuable, these methods by themselves fall short of managing the human element of information security. Without extensive security training and monitoring, many bank employees are vulnerable to social engineering attacks and unintentionally allow unauthorized access to customer accounts and information.

Social engineering is the use of deceptive and manipulative tactics to gain unauthorized access to information assets. Successful hackers use social engineering tactics to play on the emotions of unsuspecting victims. They may compromise employees by inducing stress, excitement, fear, or distraction to control the actions of their victim and obtain access (often easy access) to confidential information.

KraftCPAs can develop social engineering scenarios to test the real-world effectiveness of information security policies and procedures. Social engineering testing will determine if bank employees can be tricked into allowing unauthorized access to customer accounts and information through face-to-face interaction. Our team has performed social engineering test scenarios in banks and found that employees are typically vulnerable to these tactics.

Once we have uncovered weaknesses in the human element of IS security, we can help the bank design improved policies and procedures to combat these weaknesses and train bank employees to be on guard against social engineering tactics.