Identification and prevention of social engineering attacks on an enterprise

In recent times, the integration of technology in everyday tasks helps in making most of the cumbersome work more convenient. This integration has brought about a positive wave in aiding and assisting humans in various sectors such as the military, health, education, finance, etc. Conversely, convenience does come with a cost, i.e. it increases the concern for security in those systems. Attackers with various motives try to exploit these systems for personal gain. Some of the popular attacks like Man In The Middle, Cross-Site Request Forgery(CSRF), Phishing and Code Injection can be used to compromise the systems. However, the easiest way to gain control over a system is through Social engineering because it can be performed within a short time and without much technical expertise. Social Engineering targets humans by using various psychological weaknesses of human cognizance. Such attacks are often used to attack enterprises, as their weakest links are the human employees who are prone to be deceived and manipulated. Hence, the enterprise must be prepared for any kind of attack that may be deployed to exploit the weaknesses. This paper discusses the broad spectrum of Social Engineering threats that an enterprise faces throughout its life and various effective measures to prevent such attacks. This paper helps the reader to gain insight into how social engineering can be used against enterprises.