
Blockphish - Social Engineering (LDSC Cyber Themed Evening)


Cyber Themes 2018:

Use "#SocialEngineering" on Twitter to join in the conversation

BLOCKPHISH provides organisations with the ability to improve their resilience against phishing attacks.
Our innovative features include:
- Bespoke ethical phishing campaigns mimicking current cyber threats
- Feedback to users who take the phishing bait
- Comprehensive reporting to track organisational progress
- Tailored awareness learning using a proven portfolio of methods and techniques

We are a not-for-profit organisation, founded as a joint venture by the Mayor of London, the Metropolitan Police Service (MPS) and the City of London Police (CoLP). We work in partnership with private industry and academia to help businesses, primarily SME businesses (less than 249 employees), to embrace digital innovations and operate in a secure online environment, protecting themselves against cyber criminals.

What is our purpose?
- To provide simple, measurable and effective digital security solutions to businesses.
- To enable businesses to operate in a secure digital environment.
- To target victims of cyber crime and provide support to prevent repeat victimisation.
- To evidence a positive shift in the digital security of businesses.



  1. Social Engineering. 19th June 2018. Daryl Flack
  2. What is Social Engineering?
     - The art of manipulating people into performing actions or divulging confidential information
     - An exploitation of trust
       - Leverage the trust of a victim to gain access to sensitive information or resources or to elicit information about those resources
     - The path of least resistance
       - Why bother developing and planning a sophisticated technical hack when you could simply trick someone into giving you access to anything you want?
  3. What is Phishing?
     - Phishing: fraudulently sending emails purporting to be from reputable people or companies
     - What is it?
       - Fraudulent emails, text messages, social media messaging and websites created to look like they're from authentic companies or people
       - Spear Phishing: targets specific groups, teams or individuals using a more tailored approach
       - Whaling: spear-phishing that targets executives or high net worth individuals
       - Angling: impersonates the teams or platforms of various businesses to gather personal data
     - What does it do?
       - Tricks you into giving information or carrying out actions
  4. 91%: 'An estimated 91-percent of hacking attacks begin with a phishing or spear-phishing email'. SOURCE: lexicon-spear-phishing/
  5. Why Does it Work? Dr. Robert Cialdini determined there are 6 key factors for influence:
     1. Consistency
     2. Consensus
     3. Authority
     4. Similarity
     5. Reciprocity
     6. Scarcity
  6. Why would my company be a target?
     - Do you have access to funds?
     - Do you collect or process personal or sensitive data?
     - Do you possess or have access to intellectual property?
     - Do you have clients, suppliers or partners who have any of the above?
  7. What can you do to protect yourself?
     - Ongoing ethical phishing campaigns
       - Varying complexities
       - Utilising different influence factors
       - Targeting all staff, individual teams and high risk individual staff members
       - Blended with "just in time" learning
       - Extending campaigns to include other forms of social engineering:
         - Vishing (gaining credentials fraudulently via a phone call)
         - Smishing (using SMS)
         - Social Media (Angling)
     - Ongoing staff awareness:
       - Regular and concise learning, delivered in multiple formats
       - Engaging, competitive and enjoyable
       - Adaptive, personalised and appropriate
       - Measurable and effective: demonstrates benefit of investment
  8. What can you do to protect yourself?
     - A robust endpoint protection platform
     - A secure web gateway to include:
       - Upstream spam / junk blocking software
       - E-mail content filters
       - Sandboxing capabilities / URL rewriting
     - Other controls such as:
       - DMARC, DKIM, SPF
  9. Don't believe you'll be deceived?
  10. Thank you for your time. 0845 86 22 BLOCKPHISH@BLOCKPHISH