Published: 01 Oct 2008
A best seller from the 1930s provides timeless social engineering insight for security professionals.
I want to thank Kevin Mitnick, Ira Winkler, Bruce Schneier and Michael Santarcangelo for bringing to light the challenges we face with social engineering. In their books and talks, they remind us that despite cool new tools and technologies, humans will always be the weakest security link and prey for fraudsters.
However, the best book on social engineering really has nothing to do with security and was originally published in 1936: How to Win Friends and Influence People by Dale Carnegie. It should be required reading for all security professionals.
His message is invaluable on many levels: "When dealing with people, let us remember we are not dealing with creatures of logic. We are dealing with creatures of emotion, creatures bristling with prejudices and motivated by pride and vanity."
Carnegie didn't write his book for con artists, but if you put your black hat on you will see how his advice could readily be used by today's nefarious social engineers:
Now wait, there's more. In addition to providing insight into the tactics used by the modern Internet fraudster, Carnegie's tips on how to lead and influence others can help build support for security initiatives. Put on your white hat and try using some of these techniques; I guarantee your security program will flourish.
Who knew that a self-help book from the Depression era could arm a security professional with such useful knowledge? Take some time to learn a little psychology and people skills, and see the difference in your security program.