Are you ready for a career in cybersecurity? You’ve probably seen the reports about the huge shortage of cybersecurity experts. Indeed, there are simply not enough workers to keep pace with the constant barrage of cyberattacks that permeate commercial and government sectors. In fact, a new study from Tripwire, 85% of the 300 companies surveyed claimed their IT security department is understaffed.
A growing trend within cybersecurity is to focus on how cybercriminals use social engineering to launch attacks. What exactly is social engineering? We define social engineering as “the act of influencing a person to take action that may or may not be in the persons best interest.” Cybercriminals have discovered it’s often easier to target the people within an organization rather than implement a complex technical attack.
In view of this, as professional social engineers, we study how cybercriminals influence people to gain access to critical information. Then, we use what we’ve learned to raise awareness of an enterprise’s vulnerability to social engineering attacks. Additionally, we provide services such as PHaaS®, VaaS®, SERA, and the Social Engineering Penetration Test. The training and education provided in these services equip people within the enterprise to become its frontline defense. So, if you are interested in the human side of security, then this specialty field of professional social engineering is for you. Have we got you hooked? If we have, you’ll find it helpful to take a brief look at the most prevalent social engineering attack vectors.
The Most Prevalent Social Engineering Vectors
The most prevalent social engineering attack vectors are phishing, vishing, smishing, and impersonation. In fact, CEO impersonation comprises nearly half of all phishing emails? This type of social engineering attack was used against Mattel in 2015. How was it carried out? Cybercriminals mined social media platforms specifically looking for company news, policies, and the names of key individuals within Mattel. A significant element they learned was that Mattel would soon have a new CEO. Now, now had their attack vector. Impersonating the new CEO, the cybercriminals emailed a finance director requesting a new vendor payment of $3,000,000 to be wired to a bank in China. Because it was known the new CEO was preparing for growth in China, the request didn’t seem unusual to the finance director.
What’s the takeaway? All businesses are vulnerable to social engineering attacks. It highlights a valuable point. All employees need training to understand social engineering techniques cybercriminals us.
How Can You Make Social Engineering Your Career?
How can you make social engineering your career? When it comes to education, we recommend the performance-based Advanced Practical Social Engineering course. Moreover, obtaining the following certificates are also highly valuable: the Offensive Security’s Certification and the Certified Information Systems Security Professional. Security expert and CEO of Social-Engineer, LLC, Chris Hadnagy, notes that for him one of the most important aspects of being a professional social engineer is the ability to think critically. He also has a company motto, “leave others better for having met you.” A professional social engineer may need to think like a bad guy. However, Hadnagy’s goal is to create positive learning environments and productive scenarios for their future engagements and clients.
When embarking on any new career, it’s helpful to connect with people who have successfully made the journey and are willing to share lessons they have learned along the way. Here’s a go-to list that will both inspire as well as educate.
- How to Become a Social Engineer
- Make Social Engineering Your Career
- From SECTF to Pro SE with Whitney and Rachel
- SEVillage at Defcon 26: From Introvert to SE, The Journey
- Pro-tips on becoming a professional social engineer
- Women Needed in Cybersecurity
A career as a professional social engineer/pentester can be fulfilling. Now’s the time to get started on your path in cybersecurity.