How third parties gain unauthorized access to systems by targeting employees to manipulate them into revealing information.
Time and again, third parties gain unauthorized access to systems by deliberately exploiting employees to manipulate them into revealing information. This technique is called social engineering. For companies, social engineering is scary. The phenomenon is complex, involves many different psychological and communication techniques, and there are almost never clear solutions that always work. That's why we've compiled the five best books on social engineering. They explain the psychology behind social engineering, how attackers go about it, and what measures companies can take to best protect themselves from such attacks.
As digital transformation continues, IT security is also becoming more professional. With the book "Protection against social engineering: attack points and defence options in digital economy ecosystems", the editors Prof. Dr. Dirk Drechsler, Dirk Haag, Otmar Hertwig, Anselm Rohrer, Marco Dennis Schmid present an anthology dedicated to the protection of digital ecosystems against attacks with social engineering. In six main chapters, various authors first address the central concepts to describe the phenomenon. While these chapters are quite academic and of little immediate use to the user, things get interesting in the last three chapters. Here, the authors address social engineering from the perspective of companies, the police and end users.
The book offers a comprehensive introduction to the problem of social engineering in a corporate context and also includes criminological aspects. The great strength of the book is its clear structure and the different perspectives that are allowed to have their say in the anthology. This gives the interested reader a coherent overall view of the complex of topics and an excellent basis for delving into individual areas in a targeted manner.
Security expert Bruce Schneier's book The Art of Human Hacking: How Social Engineering Works and How to Protect Yourself Against It" provides an excellent introduction to basic social engineering terms, concepts and strategies, explaining how attackers exploit psychological principles to elicit information from others. After explaining the most important concepts, he devotes several chapters to the practical side of social engineering. Using real case studies, he shows how the human factor can become a security vulnerability and how companies can prevent this through prevention.
The book "Social Engineering enttarnt: Sicherheitsrisiko Mensch" (Social Engineering Unmasked: The Human Security Risk) also takes a similar approach. In 320 pages, Christopher Hadnagy, Dr. Paul Ekmann and Paul Kelly address the question of what human gestures reveal to trained attackers about their counterparts and how hackers use this information to gain trust and obtain information. The perspective of the attacked is never neglected. Instead, many useful tips accompany the book's descriptions, making it a valuable resource for IT decision makers to understand the potential vulnerabilities among their own employees.
The Art of Deception: Human Risk Factor" is one of the first books devoted to social engineering and is now a classic on the subject. From the perspective of an ex-hacker, Kevin D. Mitnick vividly describes the psychological mechanisms he uses to gain unauthorized access to other people's systems. In doing so, he never remains merely theoretical, but illustrates various concepts and attack methods using practical illustrative examples from the past. They are ideal for creating an awareness of the problem among employees and critically reviewing their own behavior.
One of the most recent guides on social engineering comes from Michael Willer. In six main chapters, he describes in detail in Preventing Social Engineering: "Practical Guide for Companies" how social engineering works, which attack techniques exist and how companies can protect themselves. On the one hand, the author goes into the psychological concepts - for example, the Facial Action Coding System that attackers use to assess various reactions of the counterpart and use them to their advantage. Here, however, other books are more detailed and thorough.
The strength of this book is its manual nature. On 69 pages, the author manages to cover all essential aspects of social engineering, at least briefly. This makes it particularly interesting for IT decision-makers with little time who want to get a quick overview of the various attack techniques. Therefore, it is also suitable as a reading tip for employees to create awareness of the security risks associated with social engineering.
Social engineering is not a new phenomenon and is as old as the first telephone and computer systems. Accordingly, many good books are now also available in German that explain how social engineering works and how companies can protect themselves from it. Decision-makers can use these books to develop an awareness of the problem and a basic understanding of the topic so that they can then develop effective defensive measures.