- 5 easy ways to transfer photos from your Android device to your Windows PC
- How to get Google's new Pixel 9a for free
- Just installed iOS 18.4? Changing these 3 features made my iPhone much better to use
- 7 strategic insights business and IT leaders need for AI transformation in 2025
- The most underrated robot vacuum I've ever tested is now 60% off
#InfosecurityEurope2022: Actions Not Words: Hacking the Human Through Social Engineering
Social engineering will drive a new generation of threats, as cyber and physical security converge. Criminal hackers will use keystroke loggers and USB sticks alongside IT-based attacks to gain access and information. And bad actors will always be on the lookout for human weaknesses.
This was the message Jenny Radcliffe, The People Hacker, delivered to Infosecurity Europe 2022, as she was inducted into the Infosecurity Hall of Fame. With over 30 years as a social engineering practitioner, Radcliffe has been chased by dogs, hidden in bushes from security guards and has fallen off a roof more than once.
“How do you explain this job? For all my life I’ve been breaking in, talking my way into buildings and persuading and manipulating people to pass under their defenses, and get into places I wasn’t supposed to.” But the objective has always been to improve security.
Social engineering has been around as long as there have been cons and frauds, Radcliffe recalled. However, the growth of electronic communications has shed new light on the dangers. The infosecurity industry is one of the few that understands this, Radcliffe noted.
Research into targets has “been made easier over the years by the proliferation of social media,” she said. Before, social engineers would have to spend hours in pubs or cafes to glean information that can be found in seconds online.
But this, Radcliffe said, makes the work of the social engineer all the more important. The industry has to work to strict ethical and legal standards, and does so to prevent organizations, and people, from becoming victims.
“Aside from the more quantifiable damage we were seeing, we saw how these crimes destroyed people in other ways,” she said. “It wasn’t just financial loss, it also destroyed people’s confidence, their joy in life and faith in other people.”
Defending against these attacks, in both the physical and cyber worlds, needs professionalism, discipline and a degree of humility.
“We are testing the art of the possible. It is a fine line, but better us than the criminals, better I show them, I fix it and test it than never try and leave them wide open,” she said.
Despite the growth of technology, humans will always be a focus for criminals. “We can’t defend without working closely together. I’ve had tech companies and directors dismiss social engineering as about phishing, or sneaking past with a wink and a smile. It’s never that easy.
“The best of you know, and always have known, that the answer to good security has always been with the people.”
