Social engineering power point



Published in: Technology

  1.
     • Social engineering is the process of acquiring information from legitimate users for illegitimate means
     • Social engineering poses a significant threat to any organization.
  2.
     • Loss of company assets
     • Loss of client assets and information
     • Loss of revenue because companies cease to conduct business with entities that do not adequately protect their information
     • Can result in financial losses for individuals
  3.
     • Numerous customers of WFC discovered unauthorized purchases on their credit cards
     • Amounts exceeded $100,000
     • EW was required to pay $100,000 due to contract obligations
     • EW lost contracts with other companies
     • Mr. Farmer, Director of Web Promotion, lost his job
  4.
     • Hacker used publicly available information to gain knowledge of company and employees
     • Hacker dropped the names of WFC and EW employees in an effort to build a relationship with Mr. Farmer
     • Hacker was able to exploit the misconduct of an employee in order to gain needed information
     • Mr. Farmer knew he was in trouble and the hacker played on this
     • Hacker acted as if he would protect Mr. Farmer from losing his job
  5.
     • Hacker was helping Mr. Farmer view more websites that he liked
     • Mr. Farmer readily provided his password in hopes of not getting in trouble for the unapproved website viewing
  6.
     • Training was not conducted to educate employees about the implications of the release of information
     • Mr. Farmer was using IM to divulge personal information about himself
     • WFC and EW websites were thoroughly researched to find information that could be exploited
     • Mr. Farmer’s chat room discussion that revealed his employer and job title quite possibly led to the hacker’s decision to target him
  7.
     • The same password was used for multiple accounts by Mr. Farmer
     • He used a strong password and felt it was adequate to use for all accounts
  8.
     • Employees should be educated on how to use strong passwords and not to use the same one for all accounts
     • Educate employees not to become a victim of coercion or enticement techniques employed by SEs
     • The company must not be narrowly focused concerning security. It must look at all areas where it can secure data
     • Utilization of secure password techniques
     • Sound policy on use of computers
  9.
     • Educate employees on ensuring the identity of people they are speaking with
     • Educate employees not to reveal information outside of official communication
     • Ensuring employees are not doing things that could be exploited by a potential hacker
     • Properly dispose of any information that could be used against the company, employees and clients
  10.
     • Mr. Farmer put himself in a position of vulnerability to hackers by visiting these illicit websites.
     • What can an organization do to discourage this type of behavior?
     • How is a company to know that an individual is engaging in a certain type of behavior that would make the company vulnerable to an attack?