Upgrade to Pro — share decks privately, control downloads, hide ads and more …

People Security and Social Engineering

Chris Cooper
September 27, 2016
Technology
0
120

People Security and Social Engineering

A talk on social engineering as a means of attacking and compromising an organisation's information security, directed towards the self-employed, small businesses and staff at larger organisations. Tackles concepts such as manipulation, physical intrusion, phishing, vishing and baiting. Emphasises staff awareness as the most effective form of defence.

Presented to The Insurance Institute of Sussex (a local section of the Chartered Insurance Institute) on 27th September 2016.

http://www.ciibrighton.org.uk/

Chris Cooper

September 27, 2016
Tweet

More Decks by Chris Cooper

See All by Chris Cooper
The Digital Hostage: Ransomware in the Workplace
itscooper
0
110
Keeping Your Data Secure: A Guide for Human Beings
itscooper
0
190
E-Safety: How technology can protect us from technology
itscooper
0
310
Social Engineering: How to Rob a Bank with a Phone
itscooper
0
210
The Cookie Monster (and other web security exploits)
itscooper
3
360
Hacking the Box (Joseph Sheridan)
itscooper
1
280
Breaking Stuff: What Ethical Hacking Has Taught Me
itscooper
1
150

Other Decks in Technology

See All in Technology
The Rise of LLMOps
asei
8
1.7k
AIチャットボット開発への生成AI活用
ryomrt
0
170
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
760
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
510
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
370
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
0
240
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
490
SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~
takumiogawa
1
440
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
660
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
700

Featured

See All Featured
BBQ
matthewcrist
85
9.3k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Automating Front-end Workflow
addyosmani
1366
200k
Building Adaptive Systems
keathley
38
2.3k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Faster Mobile Websites
deanohume
305
30k
Unsuck your backbone
ammeep
668
57k
Designing Experiences People Love
moore
138
23k
Docker and Python
trallard
40
3.1k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
We Have a Design System, Now What?
morganepeng
50
7.2k

Transcript

  1. PEOPLE SECURITY & SOCIAL ENGINEERING Chris Cooper

  2. SENIOR SECURITY CONSULTANT Chris Cooper

  3. Understand why social engineering is a prevalent form of attack

    against organisations 1 Know some of the most common techniques employed by attackers and why they work 3 Be able to identify the challenges involved in resisting these types of attack 2 Understand the importance of awareness as a key defence mechanism 4 Gain a knowledge of other security controls that can hinder social engineering attacks 5 OBJECTIVES

  4. SOCIAL ENGINEERING MEANS MANIPULATING SOMEONE INTO PERFORMING ACTIONS OR DIVULGING

    INFORMATION

  5. SOCIAL ENGINEERING IS ASSOCIATED WITH HACKING WHEN YOU CAN’T BREACH

    THE FIREWALL HACK A PERSON ALREADY INSIDE

  6. SOCIAL ENGINEERING BECOMES THE EASIER OPTION AS COMPUTER SECURITY MATURES

  7. SOCIAL ENGINEERING IS SPECIALLY CRAFTED CHALLENGE: TO ABUSE HOW OUR

    BRAINS WORK

  8. IS HANDS-DOWN AWARENESS THE MOST EFFECTIVE STRATEGY FOR AN INDIVIDUAL

  9. MANIPULATION

  10. LEGITIMACY PRETEXTING + EMOTION SYMPATHY TRUST LIKING SCARCITY AUTHORITY

  11. “ “ PRESUPPOSE THAT PEOPLE PRESUPPOSITIONS WHERE DO I SIGN

    IN ARE GOING TO DO WHAT YOU ASK PRESUPPOSES THAT THE RECEPTIONIST WILL LET YOU IN

  12. GET TARGETS TO MAKE COMMITMENT & THEY WILL FEEL PRESSURE

    CONSISTENCY SMALL COMMITMENTS TO HONOUR FURTHER REQUESTS IF THEY ARE CONSISTENT

  13. HELPING PEOPLE RECIPROCITY QUID PRO QUO CONCSESSIONS COMPLEMENTS

  14. GIVING YOU INFORMATION SOCIAL PROOF CAN BECOME THE SOCIAL NORM

    IF STAFF SEE THEIR COLLEAGUES COOPERATING WITH YOU

  15. CLEAR POLICIES ON RESISTANCE INFORMATION SHARING TRYING TO BE AWARE

    OF UNDUE PRESSURE TO SUBVERT

  16. IF YOU ARE CONFIDENT CHALLENGE THEM ALWAYS REPORT THEM

  17. METHODS

  18. OSINT OPEN SOURCE INTELLIGENCE PUBLICLY AVAILABLE INFORMATION CORP WEBSITE, GOOGLE,

    SOCIAL NETWORKS

  19. OSINT OPEN SOURCE INTELLIGENCE INFORMATION THAT SEEMS PRIVILEGED MIGHT NOT

    BE

  20. DUMPSTER DIVING AND STICKING SHREDDED PAPER BACK TOGETHER SECURE BINS

    CROSS-CUT SHREDDING SECURE TRANSPORT

  21. INTRUSION & TAILGATING & SHOULDER-SURFING

  22. INTRUSION CULTURE EVERYONE WEARS ID EVERYONE ‘SWIPES’ THROUGH EVERY DOOR,

    
 EVEN IF IT’S OPEN IT’S OKAY TO CHALLENGE REDIRECT TO RECEPTION ALWAYS REPORT

  23. PHISHING & VISHING VOICE PHISHING VIA TELEPHONE

  24. EMAIL PHISHING • DO YOU TRUST THE EMAIL - WERE

    YOU EXPECTING IT? • REMEMBER THAT EMAIL ADDRESSES CAN OFTEN BE SPOOFED • DON’T FOLLOW LINKS AND BROWSE DIRECTLY IF POSSIBLE • CHECK WHERE LINKS ARE REALLY POINTING • DON’T OPEN ATTACHMENTS UNLESS YOU ARE CONFIDENT REGARDING THEIR SOURCE

  25. BAITING REMOVABLE MEDIA THAT WILL RUN MALICIOUS CODE IF YOU

    PLUG IT IN

  26. Understand why social engineering is a prevalent form of attack

    against organisations 1 Know some of the most common techniques employed by attackers and why they work 3 Be able to identify the challenges involved in resisting these types of attack 2 Understand the importance of awareness as a key defence mechanism 4 Gain a knowledge of other security controls that can hinder social engineering attacks 5 OBJECTIVES

  27. speakerdeck.com/itscooper Chris Cooper Thank You