In the age of globalization, the corporate world has made significant advances. With these advancements, the critical infrastructure of the corporate world has witnessed new and emerging challenges. Although there have been rapid advances in sophisticated technologies, manual tasks have remained relatively untouched by such advances. In other words, the advancements in manual tasks have not been as much as we have witnessed in the technological domain. There are still some common threats that our critical infrastructure is facing. To be more specific, the protection levels of infrastructure are still at a nascent stage and vulnerable to attacks. Inside attacks are more common and risk management mechanisms are also at a juvenile stage. The human factor of security infrastructure is largely ignored. This article looks into the various aspects of the above-mentioned threats.
The technological shield
Technology has enabled us to respond to emergency situations very quickly. Technology has improved the various aspects of our life and the most important among these is our IT infrastructure. The most important aspect of emerging technology is related to the smart city. In a smart city, great emphasis is laid on cybersecurity aspects, security systems, and monitoring tools. However, it needs to be noted at this point in time that the manual security that is extremely important in smart cities is given the least importance. Although manual security plays a significant role along with other security aspects, it is usually a neglected field. It has been witnessed that less than 50% of the Hi-Tech organizations have trained security guard services. In fact, they rely on locally suited guards to protect their critical infrastructure.
Over a period of time, a large number of training sessions and workshops have been organized in order to train security guards. However, these have been limited to critical infrastructure and working environs of Smart City are still devoid of such services.
In the security infrastructure of a smart city, very little importance is given to vulnerability assessment and physical security. It needs to be noted that for the smooth functioning of a smart city, it is necessary to bridge the gaps in critical infrastructure systems. All the technological systems have a major role to play in this but the need for physical security cannot be ignored. In fact, policy aspects and defense security strategies have highlighted that cyber and social engineering security should go hand in hand. Let’s take a look at the various aspects of social engineering.
Aspects of social engineering security threats
Organizations working in various fields have constantly been troubled by growing social engineering attacks. Although various types of organizations have been constantly focusing on IT solutions to enhance their security aspects, social engineering has been given less importance. It is important to understand what social engineering is all about. In social engineering, the attackers exploit the psychological aspects of vulnerable targets and put them in a disadvantageous position. The act of social engineering also involves third parties who help in the conduction of unlawful activities. One of the common methods that are used by attackers is to force an office employee to allow third parties to get into the office premises. Once the attackers become successful in their first attempt, they blackmail the particular employee which leads to a chain of threats, thereby exposing the critical infrastructure of the office.
In the present times, social engineering threats are among the most severe ones that are faced by various departments of a smart city. Social engineering threats not only affect the technological systems but also create a hindrance for security guards. For instance, security guards in Malaysia have become a soft target of such attacks in the last few years.
Concluding remarks: The road ahead
To bridge the various gaps in our security infrastructure and preventing social engineering security threats, some critical measures need to be taken. Apart from physical training and demo trials, computer-based training can also be a suitable option. The professional expertise can also be roped in and skill development of security guards can be initiated. Instructor-led training is also a proposed channel through which we can mitigate various attacks on our critical infrastructure. Finally, we can conceive a social engineering defense framework that covers various aspects of our critical and non-critical infrastructure.