When computer systems get "owned", you may think it takes a master-geek with an extensive amount of knowledge to hack into tightly-secured systems. After all, security bugs are quickly found out, and patches can be released within a few days.
But when securing a computer system or network, especially the larger ones, many network administrators forget the most dangerous kind of hacking: social engineering. It may not sound like a threat, but it is.
As Dark Reading writes, the author first went into the bank as an ordinary customer to do some transactions, and while doing so took note of all the equipment in the room. Once enough information had been gathered, the author went back in to "attack", posing as a photocopier repair person. A laptop was set up, and within a few seconds, login data for a number of users had been stolen.
The problem with stopping social engineering is that all your computers are controlled by humans. There isn't a single computer in the world that doesn't rely on a human being at some point.
This brings in a whole new aspect. Not only do you have to protect yourself against invaders coming through the ethernet cable that connects you to the network/internet, you now have to protect your staff and yourself from people trying to hack socially. Hackers will try to intimidate staff, and humans make mistakes.
Establishing network and password policies is a good first step. Making sure that people are who they say they are, even calling them back through a known number to confirm it, offers good protection.
You have to remember that hackers are without ethics, and when you think about this, you will realize that hackers will do anything to gain access to a computer system.
So, social engineers are essentially hacking the human itself to steal login information. Unfortunately, iptables and other standard computer security measures aren't available for the human platform. This should help you visualize the vulnerability of your network. Remember, "Your network is only as strong as its weakest link."
So watch out!