This post is part of the series, SmallBusiness.com Guide to Business Computer and Tech Security: Advice, alerts and information about digital security threats faced by small businesses. You can browse other posts in the series below.
Pindrop Security, an Atlanta-based software company backed by several major investors including Google Capital, has developed software that analyzes the voice patterns of people calling into a company’s call center or other department. The software “listens” for callers who may be attempting to trick a company’s employees into providing them information that could be used later in a cyber attack. Pindrop, along with companies like Nuance (the company behind Dragon Naturally Speaking), are trying to solve the threat of the “human” hacking approach we’ve explored before on SmallBusiness.com, “Social Engineering,” a method that is based on age-old confidence games.
While most small business owners and managers may picture cyber criminals as computer experts who try to break into a super-secure server, one of the most common threats to a business network comes from something called by security specialists, “social engineering.” (The rest of us call the method a “con game.”) It’s an approach that involves a bad guy convincing (conning) a victim to provide them some key bit of information they need to carry out an intended crime. Like “phishing” in email, the method tries to dupe the employee into thinking — by fake caller ID, for example — the caller is from a trusted source.
How does software detect social engineering fraud attemps?
Along with using voice recognition technology (think, Siri), voice security companies use various ways to analyze “voice biometrics” to establish or match an existing “acoustic fingerprint” of a caller. The software might also consider a wide array of variables that will lead it to “flag” or even block a caller, including:
- The origination location of the call
- If the call is coming from a trusted number
- The kind of device or application the caller is using
(In cyber crime), the weakest link is often the human. And social engineering — meaning plain old deceit and trickery — is still one of the best ways for a fraudster to get through defenses.
Vijay Balasubramaniyan, Pindrop Security founder and CEO
Photos: ThinkStock and Pindrop.com