This article by Jamey Heary provides solid examples of how social engineers exploit
human weaknesses by intimidation, familiarity or charisma. Many organizations layer on
physical and logical defenses with a focus on external attacks and disgruntled insiders.
That approach does not address authorized personnel with good intentions.
It is necessary to educate employees, contractors and suppliers of the threat posed
by social engineers. Start by sending security awareness tips. Add social engineering
to on-site security assessments (with written permission from management). And read Jamey's article of course!
