Abstract
At the highest abstraction level, an attempt by a social engineer to exploit a victim organisation either attempts to achieve some specific target (denial of service, steal an asset, tap some particular information) or it wishes to maximise an outcome, such as to disable the organisation by a terrorist attack or establish a permanent parasitic relationship (long-term espionage). Seen as dynamic processes, the first kind of exploit is a controlling ('balancing') feedback loop, while the second kind is a reinforcing feedback loop. Each type of exploit meets a first line of defence in control processes or in escalating ('reinforcing') processes of resistance. The possible combinations of the two modes of attack and the two modes of defence yield four archetypes of exploit and natural defence. Predictably, the social engineer would seek to outsmart the first line of defence; it is shown that each archetype implies a particular strategy to do so. Anticipation of these modes of attack must be the starting point for an effective multilayered defence against social engineering attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
