http://www.wired.com/2015/08/ava-human-vulnerability-scanner-finds-your-weakest-security-link/
By Klint Finley
Business
Wired.com
08.11.15

Tricking people into bypassing security measures, revealing passwords, and
disclosing confidential information is called “social engineering” in the
computer security business. It’s a huge problem, and it’s one Laura Bell,
founder of the New Zealand security consultancy SafeStack, was
contemplating while home on maternity leave two years ago. Although many
companies have mandatory security trainings, she realized there’s no real
way of knowing whether such training is effective until it’s too late.

What her clients really needed, she decided, was a way to identify the
employees most vulnerable to social engineering attacks. There wasn’t
anything like that available at the time, so working in half-hour
increments as her daughter slept, she created AVA, a free open-source tool
for what Bell calls human vulnerability scanning. But not everyone is
happy with the results.

“Some people have said I should go to prison for releasing this,” Bell
says.

First, a hypothetical example of social engineering at work. Imagine
you’re a junior help desk technician at a large company. You’re low on the
corporate ladder, and constantly worried about keeping your job. One night
you get a text from a number you don’t recognize. “It’s Ted,” the message
reads. “I need my password reset immediately. Lots of money riding on this
deal.”
[...]