This past week at Defcon the social engineering capture the flag competition was hotter and more controversial than ever. Contestants were given their target company two weeks in advance for research purposes. During the actual competition contestants called employees at the target companies to gain sensitive information. The overall result: A big fat fail for the human element.

As more companies begin to take security seriously budgeting for pen tests, equipment, etc. often the human element of security falls through the cracks. As shown at the Defcon competition, all the locks, both physical and network based, can’t stop an attacker if an employee ushers her through the door.

The Social Engineering Competition was put on by Social-Engineer.org which is an excellent place to learn more about social engineering. Don’t let a lack of employee awareness of social engineering attack vectors undermine your security program.

This entry was posted on Tuesday, August 3rd, 2010 at 12:36 pm by Georgia Weidman and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.