Transform your biggest risks into one of your greatest allies.

1. © 2020 Attivo Networks. All rights reserved. 1Confidential
Transform your biggest risks into one of your greatest allies
human dilemma_
Webinar starts at
12:00 pm AEDT
/the

2. © 2020 Attivo Networks. All rights reserved. 2Confidential
Transform your biggest risks into one of your greatest allies
human dilemma_
/the

3. +
Our Speakers
Jacqueline Jayne
KnowBe4
Security Awareness Advocate - APAC
Kelvin Heath
Vectra
Chief Security Officer

4. human dilemma_
/the

5. 5
90%
of successful data breaches
started with a phishing
attack
• 90% of successful data breaches
started with a phishing attack
• In Australia, 65% of Businesses
reported interruptions due to a
security breach in the last year
• 60% of small business who
experienced a major cyber incident
never recover
Reality by Numbers

6. 6
Percentage of
organisations that
have been breached
in the past 12
months
• 35% of Japanese
• 34% of Australian
• 33.5% of Indian
• 32% of Malaysian
• 26% of Singapore
• 24% of Philippines
70% say educating employees
and leaders is their biggest
challenge and 60% struggle to
provide it
https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-
papers/sophos-the-future-of-cybersecurity-in-apj.pdf

7. 7
Human Error

8. • 1,300,000 Facebook logins
• 19,000,000 texts sent
• 190,000,000 emails sent
• $1,100,000 spent online
Wait One Minute!

9. 9
Agenda
• The Perception vs. Reality dilemma
• Understanding the OODA (Observe, Orient,
Decide, Act) Loop
• How social engineers and scam artists
achieve their goals by subverting its
different components
• How we can defend ourselves and our
organisations

10. 10
Pick a card

11. 11
Is it gone?

12. 12
How did I do it?
We started with this:
And ended with this:
These are two completely different sets of cards.
And by rushing you through the process, you probably didn’t notice!

13. 13
Our brains’ job
is to filter, interpret,
and present us
with ‘reality’
Understanding the root of deception

14. 14
What is REALITY?

15. 15
"It deosn't mttaer in waht oredr the ltteers in a
wrod are, the olny iprmoetnt tihng is taht the
frist and lsat ltteer be in the rghit pclae.
The rset can be a toatl mses and you can sitll
raed it wouthit a porbelm.
Tihs is bcuseae the huamn mnid deos not raed
ervey lteter by istlef, but the wrod as a wlohe."

16. 16
Agenda
• The Perception vs. Reality dilemma
• Understanding the OODA (Observe, Orient,
Decide, Act) Loop
• How social engineers and scam artists
achieve their goals by subverting its
different components
• How we can defend ourselves and our
organisations

17. OODA
-----------
A Model for
Decision
Making
OBSERVE
ORIENT
DECIDE
ACT

18. 18
OBSERVE
ORIENT
DECIDE
ACT
OBSERVE
ORIENT
DECIDE
CRITICAL THINKING STEPS
The ideal situation for a
social engineer is to hijack
the OODA loop by creating a
knee-jerk action that
effectively bypasses the first
three steps and results in the
attacker’s intended Action.

19. 19
OBSERVE
ORIENT
DECIDE
ACT
OBSERVE
ORIENT
DECIDE
Messing with the OODA Loop
• Manipulate facts
• Withhold facts
• Manipulate Context
• Manipulate Attention
• Exploit known bias
• Invoke Emotion
• Feed them a ”truth sandwich”

20. 20
Agenda
• The Perception vs. Reality dilemma
• Understanding the OODA (Observe, Orient,
Decide, Act) Loop
• How social engineers and scam artists
achieve their goals by subverting its
different components
• How we can defend ourselves and our
organisations

21. 21
Disinformation
watch videotocontinue
error
to solve
clickhere
advertising
wait5 secondS
downloadskip
click here
getfreemoney!
$

22. 22
Immediate Stressor Events
https://www.mailguard.com.au

23. 23
Immediate Stressor Events
https://www.mailguard.com.au

24. 24
Immediate Stressor Events
https://www.mailguard.com.au

25. 25
Immediate Stressor Events
https://www.mailguard.com.au

26. 26
https://www.cyber.gov.au/threats
https://auspost.com.au/
Smishing

27. 27
Agenda
• The Perception vs. Reality dilemma
• Understanding the OODA (Observe, Orient, Decide, Act)
Loop
• How social engineers and scam artists achieve their
goals by subverting its different components
• How we can defend ourselves and our organisations

28. 28

29. If you try to work against human nature,
you will fail…

30. 30
It’s a Human Condition
Are You Being Manipulated?
-- understand the lures --
Greed
Urgency
Curiosity
Fear
Self Interest
Helpfulness

32. +
Where does Security Awareness & Training fit in
with my Cyber Security Compliance & Frameworks?
NIST ISO 27001PCI DSS

33. 33
Security Awareness and Education Program

34. 34
Phishing Security Test
Phishing Reply Test
Phishing
Security Awareness
Training Password Email Security Malware
Social Media Phishing Test
Phish Alert Button
Second Chance
Automated Security
Awareness Program
(ASAP)
Training Preview
Breached Password Test
Weak Password Test
Password Exposure Test
Multi-Factor
Authentication
Security Assessment
Email Exposure
Check Pro
Domain Spoof Test
Mailserver Assessment
(MSA)
Domain Doppelgänger
Ransomware
Simulator Tool
USB Security Test
E-Books Case Studies White Papers BlogResearchWebinarsGlossary …and more!
FREE Tools and Resources https://www.knowbe4.com/resources

35. 35
Products and Services
Kevin Mitnick
Security Awareness Training
Enterprise Security
Awareness Training
Identify and respond to email
threats faster with PhishER
Streamline your compliance,
risk, and audit management
with KCM GRC.
Book a KnowBe4
Platform Overview

36. +
For more information and to book your
KnowBe4 platform demonstration
Visit our partner page!
https://www.vectracorp.com/partners/knowbe4
Questions?

37. © 2020 Attivo Networks. All rights reserved. 37Confidential
THANK YOU !
Contact us on:
vectra-corp.com
vimeo.com/vectra
linkedin.com/company/vectra-corporation-ltd
info@vectra-corp.com