The threat of social engineering and the safety of companies

Abstract

Social engineering is a method of attack aimed at the state, organization, or individual. It focuses on the weakest point in the use of information and communication technologies, specifically the human factor. The article deals with the issue of social engineering with a focus on the attack and the possibilities of defense against it in a commercial and manufacturing company. Several questionnaire studies were conducted, which found that only a small number of staff had been trained in the past against similar attacks. Companies still underestimate their protection, investing in new technologies, but already investing less in training employees who use them. At the same time, social engineering largely focuses on them. The article, therefore, identifies social engineering, its ways of carrying out the attack. Furthermore, the article briefly summarizes its threats as well as its history, along with an overview of the first attacks. For greater orientation in practice, the individual types of attackers, the progress of their attacks, and the relevant technical aspects are described here. An analysis of the current state of safety in the existing manufacturing and trading company was performed, namely, the specific directives that are currently in force. These were compared with current needs and appropriate measures were proposed. Based on this analysis, recommendations for improving the state of security against social engineering attacks in all companies, in general, are described at the end of the article. The most frequently used methods in practice are listed according to the survey, followed by the establishment of safety recommendations. Individual technologies are constantly evolving, newer applications are being launched on the market, and at the same time, more advanced methods for data protection need to be developed.