SAINTCON 2016 - Nathan Cooper - Social Engineering
Social engineering attacks are a dominant threat, with 61% of companies affected. Learn how to identify and prevent these threats with expert Nathan Cooper's presentation on social engineering defense and best practices.
- Social engineering is a dominant form of attack; 61% of all companies have experienced a social engineering attack.
- Pearson’s famous study showed that people were willing to follow directions from a stranger and carry out harmful actions.
- PCI is really expensive due to the required level one procedure.
- Visual authority is easily manipulated; people are more likely to trust someone who appears authoritative.
- Vulnerabilities can be mitigated but not eliminated; people are unaware of the subtle attacks.
- The key to success is to develop good relationships, understand psychology, and be prepared.
- Security awareness and fault tolerance are crucial in preventing attacks.
- It’s not about being a superhero, just being prepared for the unexpected.
- Don’t be afraid to test your own emails and check for vulnerabilities.
- In-house training is more effective than outside vendors; it’s all about soft skills.
- Talk to your family and friends about security; it’s not just about business.
- ARP poisoning, anyone?
- The FBI has a regional center in Utah, which deals with fraud and other issues.
- Verification and checking of vulnerabilities are essential.
- Positive reinforcement is essential; use vending machines and free parking.
- The key to success is to plan and train; don’t be a jack-of-all-trades.
- Keep it simple; use the military’s basic security course.
- Be gentle, but firm, when dealing with employees.
- Market your product in a way that resonates with the business.
- Don’t be afraid to be wrong, just be willing to learn.
- The CAF framework provides a solid foundation for social engineering defense.
- Don’t try to be too clever; keep it simple and honest.
- Make sure to get buy-in from management and employees.
- Don’t underestimate the value of an employee’s service to the company.
- Plan and train; don’t just respond to incidents.
- Keep records of incidents and vulnerabilities.