
Social Engineering, Insider and Cyber Threat


Presentation with voice-over: a discussion of how social engineers can target a business as part of the preparation for a cyber attack, and how this gives us more opportunities to prevent or limit the effect of the attack through proper policy, use of resources and training.

Published in: Business, Technology


  1. Social Engineering, Insider and Cyber Threat
     Mike Gillespie – MD, Advent IM Ltd
     The UK's Leading Independent, Holistic Security Consultancy
  2. coming up
     • what we mean by Social Engineering and Insider Threat
     • what this means to Cyber Threat
     • buildings and technology, combined with people, offer cyber terrorists and criminals not only more targets, but more tools
     • serious cyber crime can start before anyone logs onto anything
     • people are our weakest link and cross security disciplines
     • our attitude to security and security awareness training needs to evolve
     • joining the dots and the holistic approach
  3. preparation is everything – even in cyberspace
  4. Social Engineering & Insider Threat (some images courtesy of freedigitalphotos.net)
  5. Social Engineering & Insider Threat (some images courtesy of freedigitalphotos.net)
  6. what does this mean for cyber threat and crime?
     • Intelligence gathering
     • Greater chance of cyber success
  7. what does this mean for cyber threat and crime?
     • Followed target into building or pose as contractor
     • Watched building to select target
     • ‘Bumped into’ target and engaged in conversation – trust gained
     • ‘Borrowed’ their mobile device
     • Researched target and ‘friends’ via social networks
     • …and/or their pass card
     • Gained access to server
     • The cyber attack technically starts here…
  8. Joining the dots and the holistic approach
     • Realistic holistic Threat and Risk Assessments that don’t isolate ‘cyber’
     • Realistic appropriate action and policies
     • C-level commitment and leadership
     • Top down security culture health
     • Holistic Security Awareness Training for all staff
     • Regular refreshers as part of the virtuous security cycle
     security evolution
  9. Joining the dots…27001 in words…
     • Continuous improvement (PDCA)
     • Ensure and Assure
     • Confidentiality, Integrity, Availability
     • Risk based
     • Proportionate
     • Governance
     • Compliance
  10. the standard…
     • Asset management
     • HR
     • Physical security
     • Communications and Operations
     • Access Control
     • System Development
     • DR, BCM and Incident Management
     • Compliance
  11. ISO27001 in pictures…
     Development, maintenance & improvement cycle:
     • plan: Establish the ISMS
     • do: Implement & operate the ISMS
     • check: Monitor & review the ISMS
     • act: Maintain & improve the ISMS
     Information security requirements and expectations
     Managed information security
  12. And so…
     • people are our weakest link and cross security disciplines
     • buildings and technology, combined with people, offer cyber terrorists and criminals not only more targets, but more tools
     • serious cyber crime can start before anyone logs onto anything
     • our attitude to security and security awareness training needs to evolve
  13. thank you
     Social Engineering, Insider and Cyber Threat
     www.advent-im.co.uk
     www.adventim.wordpress.com
     @Advent_IM
     www.linkedin.com/company/advent-im
     0121 559 6699
     0207 100 1124
