Raj Samani

Social engineering is an old technique. What has changed today is that the Internet delivers up a far bigger pool of victims.

This is according to Raj Samani, CTO of McAfee EMEA, who said a new underground market of information brokers has emerged where just one broker can earn £50 000 a month from a client for tracing and selling sensitive information. The data cyber criminals attempt to exploit can range from personal data to commercial information, such as trade secrets, commercial contracts, sales and financial information.

Samani pointed out that the number of information brokers is increasing due to the fact that social engineering attacks can be automated, and the financial value for stolen information is rising exponentially.

“Even if the success rate of a spam campaign is as low as 0.1%, that isn’t bad if you’ve spammed millions of people,” he explained. “If a cyber criminal manages to defraud only 10 or 20 people, but gets millions out of each, that’s worth their while.”

Because clever social engineering can deliver a cyber criminal into the heart of a company’s information, enterprises need to approach the problem though a number of controls, Samani said.

“There’s no silver bullet to prevent it, but there are many controls you can use. Companies can try to identify the risk and utilise controls that include the technical, but are also people-based.”