The recent cyberattacks against MGM Resorts and Caesars Entertainment have raised new concerns about the effectiveness of social engineering in compromising security. Both attacks were carried out by the same hacking group using social engineering tactics to obtain access credentials to their systems. While social engineering is a huge threat to cybersecurity, it’s important not to underestimate the impact it also has on physical security. Ensuring physical security is vital for safeguarding a company’s sensitive information, so implementing robust access control methods is necessary.
Social Engineering Definition & Methods
The definition of social engineering is “the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data.” In basic terms, the social engineer manipulates their target into revealing information or doing something that compromises security. Many social engineering techniques exist and you may have experienced a few yourself.
Digital Messages
“Phishing” is a common method that social engineers use to steal people’s information. This method involves the hacker sending the target an email or text message, pretending to be a reputable company or person. Some messages contain a malicious attachment that installs malware on the target’s device when opened. Other messages claim that the recipient needs to verify their account information using a link. The link redirects the victim to a fake but realistic-looking website that collects the sensitive information they were requested to submit.
Phone Conversations
The group that hacked MGM Resorts and Caesars Entertainment used “vishing”, a form of phishing. As with phishing, the social engineer manipulates the victim into believing that they’re a legitimate business or person. But instead of messaging the victim digitally, they talk to them over the phone. The MGM hackers managed to gain access to the system after calling the company’s IT help desk, impersonating an employee they found on LinkedIn. They persuaded the help desk into giving up the employee’s account information, which they used to install ransomware.
In-Person Contact
Most instances of social engineering occur without face-to-face contact, but it can still happen in person. Usually, the social engineer pretends to be an employee of the targeted company and approaches a real employee. They will say that they forgot or lost their access card/badge and ask the employee to use theirs to let them inside. Another tactic for gaining entry is convincing the employee that they’re there to perform a hired service like maintenance, construction, or cleaning.
Access Control Methods for Physical Security
Businesses can strengthen the physical security of their buildings by utilizing access control systems. Access control systems prevent unauthorized individuals from entering the building and accessing the equipment inside. This includes the physical hardware containing the company’s digital data. Therefore, access control systems not only enhance physical security but also boost cybersecurity. However, it’s important to take social engineering into consideration when developing access control strategies.
Facial Recognition
The majority of companies already have some sort of system in place to manage entry, but most of these systems require each employee to scan an access card or badge. As we illustrated in the example earlier, access cards are not very secure. Social engineers can obtain access easily by convincing an employee to scan them in. A more secure access control method is facial recognition. Instead of scanning cards, the system scans each employee’s face to validate access. This method reduces the effectiveness of social engineering techniques as it prevents unauthorized individuals from pretending that they’re an employee who forgot their badge.
License Plate Recognition
Businesses can control access to employee parking lots or garages by integrating license plate recognition (LPR) software, like PLACA.AI, with automatic gate barriers. This type of system validates access by scanning each vehicle’s license plate number instead of cards or badges. It’s pretty hard for someone to forget to bring their car to work, so this method is a lot more resistant to social engineering tactics. License plate recognition systems are also good for handling access for hired services. They allow the business to register the service vehicle’s plate number in advance so that the vehicle is given access when it arrives. Not only is this more convenient, but it prevents social engineers from posing as service crews to gain entry.
Social Engineering-Resistant Solutions from 2M Technology
Social engineering does not use sophisticated or advanced technology; rather, it takes advantage of the human psyche. Employing effective access control systems can safeguard a company’s physical and digital assets. However, it’s crucial to also train employees so they can protect themselves from falling victim to social engineering. If you need an access control solution that is resistant to social engineering, 2M Technology has what you need. We offer facial recognition turnstiles so you can secure building entrances and terminals for restricted rooms. If you need parking access control, we can help you get started with PLACA.AI, a cloud-based license plate recognition software that can be integrated with existing systems. Contact our sales team today by phone at +1 (214) 988-4302 or by email at [email protected]!