Posted by: Pritesh N Munjal | September 25, 2008

Social Engineering And Cyber Security Risks

Cyber security has become a crucial issue these days. Organisations and companies are spending heavily on securing their computers and electronic infrastructure. However, there are many loopholes in the security practices of almost all of them. One loophole that is very common, and very effective at breaching the security chain of these companies, is the technique of “Social Engineering”. Social engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based on the building of inappropriate trust relationships.

According to Mr. Praveen Dalal, the Leading Techno-Legal Specialist of India, “Human beings are usually the weakest link in the security chain and social engineering is the easiest way to break into a system. Besides being easy, social engineering can be incredibly cheap. Social engineering is the hardest form of attack to defend against because a company can’t protect itself with hardware or software alone. A company must have good employee awareness activities and information dealing policies in place and the employees must strictly follow these policies. The employees must be willing to ask relevant questions while dealing with a request to provide sensitive information”.

Even if employees succeed in evading social engineering tactics, the method of “Google Hacking” is very effective. Google hacking refers to using Google’s search engine to locate high-value targets or to search for valuable information such as passwords, credit card numbers, medical records, or other confidential information. Many times, Google can pull information directly out of private databases or documents.

Creative Google searches can reveal medical, financial, proprietary and even classified information. In the US, despite governmental regulations and protection Acts such as HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley, this problem still persists. Confidential information still makes its way onto the Web, and Google hackers find it easily.

“In India the IT Act, 2000 deals with selective cyber crimes and contraventions. The issue of social engineering has not been dealt with by the Act. Recently Perry4Law and its Techno-Legal Segments like PTLB, PTLITC, etc. have suggested bringing suitable amendments to the Act that have been accepted by the Government of India. We have brought to the attention of the Government the lack of Cyber Forensics and Cyber Security capabilities in India, more particularly security issues of Wireless Networks. If the drafted recommendations of Perry4Law are accepted by the Government, we would have a safer and stronger cyber law in India,” says Mr. Praveen Dalal.

This seems to be a tricky situation. On the one hand, India is emerging as an Information and Communication Technology (ICT) superpower; on the other hand, it is facing a weak and ineffective cyber law. The Government of India must act urgently to fill the gaps in the fields of cyber law, cyber security and cyber forensics capability development.

