Since such attacks do not set off alarm bells at the firewall, most companies remain unaware of the breach. A study released by US-based internet and telecom firm Verizon this March said 85 per cent of hack victims were not aware of the breach for several weeks. Worse, 92 per cent of the victims found out about it only after a third party alerted them.
The Indian government has itself been the victim of three such social engineering attacks, all from China. The most recent was LuckyCat, which targeted Indian and Japanese government computers beginning June 2011. In all, it hit 233 computers.
“Earlier, hackers targeted servers, so organisations set up firewalls,” says Dhruv Soi, Director of Torrid Networks. “So, hackers are now targeting employees.” Soi – and every cyber security expert BT spoke to – considers social engineering the biggest threat to a company’s data.