Social engineering power point


Transcript

  • 1.
      • Social engineering is the process of acquiring information from legitimate users for illegitimate purposes.
      • Social engineering poses a significant threat to any organization.
  • 2.
      • Loss of company assets
      • Loss of client assets and information
      • Loss of revenue because companies cease to conduct business with entities that do not adequately protect their information
      • Can result in financial losses for individuals
  • 3.
      • Numerous customers of WFC discovered unauthorized purchases on their credit cards
      • Amounts exceeded $100,000
      • EW was required to pay $100,000 due to contract obligations
      • EW lost contracts with other companies
      • Mr. Farmer, Director of Web Promotion, lost his job
  • 4.
      • Hacker used publicly available information to gain knowledge of the company and its employees
      • Hacker dropped the names of WFC and EW employees in an effort to build a relationship with Mr. Farmer
      • Hacker was able to exploit the misconduct of an employee in order to gain needed information
      • Mr. Farmer knew he was in trouble and the hacker played on this
      • Hacker acted as if he would protect Mr. Farmer from losing his job
  • 5.
      • Hacker was helping Mr. Farmer view more websites that he liked
      • Mr. Farmer readily provided his password in hopes of not getting in trouble for the unapproved website viewing
  • 6.
      • Training was not conducted to educate employees on the implications of releasing information
      • Mr. Farmer was using IM to divulge personal information about himself
      • WFC and EW websites were thoroughly researched to find information that could be exploited
      • Mr. Farmer’s chat room discussion, which revealed his employer and job title, quite possibly led to the hacker’s decision to target him
  • 7.
      • The same password was used for multiple accounts by Mr. Farmer
      • He used a strong password and felt it was adequate to use for all accounts
  • 8.
      • Employees should be educated on how to use strong passwords and not to use the same one for all accounts
      • Educate employees not to become victims of coercion or enticement techniques employed by social engineers
      • The company must not be narrowly focused concerning security. It must look at all areas where it can secure data
      • Utilization of secure password techniques
      • Sound policy on use of computers
  • 9.
      • Educate employees on verifying the identity of people they are speaking with
      • Educate employees not to reveal information outside of official communication
      • Ensure employees are not doing things that could be exploited by a potential hacker
      • Properly dispose of any information that could be used against the company, employees and clients
  • 10.
      • Mr. Farmer put himself in a position of vulnerability to hackers by visiting these illicit websites.
      • What can an organization do to discourage this type of behavior?
      • How is a company to know that an individual is engaging in a type of behavior that would make the company vulnerable to an attack?
  • 11.
      • Honan, M. (2007). How Apple and Amazon Security Flaws Led to My Epic Hacking. Retrieved from: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/