Which of the following is a major reason that social engineering attacks succeed?
A.
Audit logs are not monitored frequently
B.
Lack of security awareness
C.
Strong passwords are not required
D.
Multiple logins are allowed
Explanation:
Social engineering attacks work because of the availability heuristic, law of reciprocity, and law of
consistency. In the past people have had experiences where a co-worker with a legitimate
problem asked for help and been grateful for it. So by consistency, they feel the urge to help
others again the way they’ve helped out somebody in the past. By availability, when someone
asks for help, they associate that ask for help for every legitimate cry for help, and times when
they needed help themselves and were helped; so essentially they’re being a good Samaritan. If
an awareness program were to be implemented where employees could be aware of social
engineering tactics, they would be more likely to think about them, and be more suspect of an
attack when someone does ask for a favor. With this knowledge in intuition, an employee will
make a smarter decision.