Do China's current companies need to pay attention to the attacks of social engineers?

A couple of years ago, the provincial and regional branches of some large communications companies had been hacked into using social engineering attacks to steal customer data and trade secrets. And if the need to pay attention to and prevent such attacks, I think it is necessary. At least the technology, the company in the IT internet industry needs to pay considerable attention to.

Now that you see someone, add a personal example. Half a month ago received a car 4S store friend calls, said the company front desk computer failure, there are important customer data loss can not open, let me go to help them look down. The test found that the customer data could be stolen, and because the hacker may be afraid of tracing, it destroyed the computer system that stored the information, removed a lot of data, after one hours finally recovered. To avoid being attacked again, the network security situation in the 4S store was detected, and it was found to be open to customers with free WiFi and a free computer at the 4S store member rest area. These computers use the network, free wifi use of the network and the front desk customers record computers, finance, after-sale and other computers in an intranet environment, and the routing management system used by the default weak password password. This situation led to hackers connected to the 4S store WiFi intranet can easily attack all the computer systems in the store, resulting in car owners of personal information leakage, causing unnecessary trouble. A lot of loans, ads, scams and other harassing phone calls are the same.

So the main points of argument: Many companies now install WiFi for the convenience of their employees, and the security of the WiFi password is worrisome, even if outsiders can directly ask for a WiFi password directly from the company's staff with low safety awareness (I've tried it many times, basically, I can ask), And if in this case the WiFi network and the internal use of the network within the same LAN, the intrusion has become very simple, the theft of corporate information, customer information are also a small effort.

In addition, the use of social engineering technology to fabricate lies, win trust and so on, as long as the company can infiltrate into the intranet can launch attacks. For example, in a company room on the wall of the network socket plug in a portable WiFi can be connected to the company near the WiFi intrusion attack ( I had a friend who pretended to be in a big company and got a portable wifi in it and rented a small house near the company. Persistent sniffer attacks steal a large amount of business information and customer personal information.

Another common commercial espionage attack is quite a lot, I have friends because of the need to obtain a company's technical information and go to the other company for 3 months. These ordinary people seem to be in the movie plot actually in the real life all has certain existence. Technology in the development of society in progress, now what industries are using the Internet, are in the use of computers, many will use computers to store data, and network security is a part that can not be neglected. In the network security, the social engineering attack, exploits the human nature loophole to carry on the attack is both simple low cost, but also can use flexibly, the success rate high attack way.