Upgrade to Pro — share decks privately, control downloads, hide ads and more …

People Security and Social Engineering

Chris Cooper
September 27, 2016
Technology
0
110

People Security and Social Engineering

A talk on social engineering as a means of attacking and compromising an organisation's information security, directed towards the self-employed, small businesses and staff at larger organisations. Tackles concepts such as manipulation, physical intrusion, phishing, vishing and baiting. Emphasises staff awareness as the most effective form of defence.

Presented to The Insurance Institute of Sussex (a local section of the Chartered Insurance Institute) on 27th September 2016.

http://www.ciibrighton.org.uk/

Chris Cooper

September 27, 2016
Tweet

More Decks by Chris Cooper

See All by Chris Cooper
The Digital Hostage: Ransomware in the Workplace
itscooper
0
100
Keeping Your Data Secure: A Guide for Human Beings
itscooper
0
180
E-Safety: How technology can protect us from technology
itscooper
0
310
Social Engineering: How to Rob a Bank with a Phone
itscooper
0
190
The Cookie Monster (and other web security exploits)
itscooper
2
320
Hacking the Box (Joseph Sheridan)
itscooper
1
270
Breaking Stuff: What Ethical Hacking Has Taught Me
itscooper
1
140

Other Decks in Technology

See All in Technology
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
510
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
1
220
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
910
APIファーストなプロダクトマネジメントの実践 〜SaaSus Platformでの例〜 / "Practicing API-First Product Management - An Example with SaaSus Platform
oztick139
0
100
Cracking the KubeCon CfP
inductor
2
240
私が trocco を推す理由
__allllllllez__
1
220
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
280
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
340
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
220
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
3
250
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
170

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
187
16k
Web Components: a chance to create the future
zenorocha
305
41k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
How to name files
jennybc
65
93k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
241
1.2M
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
121
39k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
GraphQLとの向き合い方2022年版
quramy
32
12k
Agile that works and the tools we love
rasmusluckow
325
20k

Transcript

  1. PEOPLE SECURITY & SOCIAL ENGINEERING Chris Cooper

  2. SENIOR SECURITY CONSULTANT Chris Cooper

  3. Understand why social engineering is a prevalent form of attack

    against organisations 1 Know some of the most common techniques employed by attackers and why they work 3 Be able to identify the challenges involved in resisting these types of attack 2 Understand the importance of awareness as a key defence mechanism 4 Gain a knowledge of other security controls that can hinder social engineering attacks 5 OBJECTIVES

  4. SOCIAL ENGINEERING MEANS MANIPULATING SOMEONE INTO PERFORMING ACTIONS OR DIVULGING

    INFORMATION

  5. SOCIAL ENGINEERING IS ASSOCIATED WITH HACKING WHEN YOU CAN’T BREACH

    THE FIREWALL HACK A PERSON ALREADY INSIDE

  6. SOCIAL ENGINEERING BECOMES THE EASIER OPTION AS COMPUTER SECURITY MATURES

  7. SOCIAL ENGINEERING IS SPECIALLY CRAFTED CHALLENGE: TO ABUSE HOW OUR

    BRAINS WORK

  8. IS HANDS-DOWN AWARENESS THE MOST EFFECTIVE STRATEGY FOR AN INDIVIDUAL

  9. MANIPULATION

  10. LEGITIMACY PRETEXTING + EMOTION SYMPATHY TRUST LIKING SCARCITY AUTHORITY

  11. “ “ PRESUPPOSE THAT PEOPLE PRESUPPOSITIONS WHERE DO I SIGN

    IN ARE GOING TO DO WHAT YOU ASK PRESUPPOSES THAT THE RECEPTIONIST WILL LET YOU IN

  12. GET TARGETS TO MAKE COMMITMENT & THEY WILL FEEL PRESSURE

    CONSISTENCY SMALL COMMITMENTS TO HONOUR FURTHER REQUESTS IF THEY ARE CONSISTENT

  13. HELPING PEOPLE RECIPROCITY QUID PRO QUO CONCSESSIONS COMPLEMENTS

  14. GIVING YOU INFORMATION SOCIAL PROOF CAN BECOME THE SOCIAL NORM

    IF STAFF SEE THEIR COLLEAGUES COOPERATING WITH YOU

  15. CLEAR POLICIES ON RESISTANCE INFORMATION SHARING TRYING TO BE AWARE

    OF UNDUE PRESSURE TO SUBVERT

  16. IF YOU ARE CONFIDENT CHALLENGE THEM ALWAYS REPORT THEM

  17. METHODS

  18. OSINT OPEN SOURCE INTELLIGENCE PUBLICLY AVAILABLE INFORMATION CORP WEBSITE, GOOGLE,

    SOCIAL NETWORKS

  19. OSINT OPEN SOURCE INTELLIGENCE INFORMATION THAT SEEMS PRIVILEGED MIGHT NOT

    BE

  20. DUMPSTER DIVING AND STICKING SHREDDED PAPER BACK TOGETHER SECURE BINS

    CROSS-CUT SHREDDING SECURE TRANSPORT

  21. INTRUSION & TAILGATING & SHOULDER-SURFING

  22. INTRUSION CULTURE EVERYONE WEARS ID EVERYONE ‘SWIPES’ THROUGH EVERY DOOR,

    
 EVEN IF IT’S OPEN IT’S OKAY TO CHALLENGE REDIRECT TO RECEPTION ALWAYS REPORT

  23. PHISHING & VISHING VOICE PHISHING VIA TELEPHONE

  24. EMAIL PHISHING • DO YOU TRUST THE EMAIL - WERE

    YOU EXPECTING IT? • REMEMBER THAT EMAIL ADDRESSES CAN OFTEN BE SPOOFED • DON’T FOLLOW LINKS AND BROWSE DIRECTLY IF POSSIBLE • CHECK WHERE LINKS ARE REALLY POINTING • DON’T OPEN ATTACHMENTS UNLESS YOU ARE CONFIDENT REGARDING THEIR SOURCE

  25. BAITING REMOVABLE MEDIA THAT WILL RUN MALICIOUS CODE IF YOU

    PLUG IT IN

  26. Understand why social engineering is a prevalent form of attack

    against organisations 1 Know some of the most common techniques employed by attackers and why they work 3 Be able to identify the challenges involved in resisting these types of attack 2 Understand the importance of awareness as a key defence mechanism 4 Gain a knowledge of other security controls that can hinder social engineering attacks 5 OBJECTIVES

  27. speakerdeck.com/itscooper Chris Cooper Thank You