Fully agree, though I must concede that your last two paragraphs bring it forward much better than I did.
While there are technical approaches (2FA, requiring multiple people, etc.) to make some social engineering attacks harder, they will always have a hard time standing up against human nature, as you say.
Luckily, most developers will never have to deal with a system where extensive targeted social engineering (on the nation-state actor level) will be an issue, though, as with many aspects of cybersecurity, all developers should at least be aware of the dangers and know the basics. The topic of social engineering is of course also large enough that it could have an entire blog series by itself.
Max is a startup software engineer. He seeks to use what he has learnt as a startup founder and tech community leader to solve hard problems with innovative products or services.
I think on a normal basis, what we will have to deal with is more towards automated phone scams or choosing the correct non-malicious packages or automated system codes that won't result in vulnerabilities in software that anyone could exploit for financial gain.
Supply chain attacks (like malicious packages) are actually something I'm going to be covering in a future part of this series :)
Please do a social engineering one as well; it will be cool to see how those are applied from the developer perspective.